ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
portions. Remote attackers can exploit this vulnerability to execute arbitrary code, or to create a denial of service
condition on an infected system. Linux.Slapper.Worm and its variants exploit this vulnerability for attacks.
Signature ID: 8005
SCO i2odialogd Buffer Overrun Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0026 Bugtraq: 0876 Nessus: 10109
Signature Description: UnixWare is a variant of the Unix operating system originally written by SCO. i2odialogd is a
daemon which provides a front-end for controlling the i2o subsystem. It is shipped with SCO UnixWare and installed
running as root by default. If a user sends a long login/password combination to this i2odialogd server, then it is
possible to overflow the server's buffers. An attacker can use this flaw to execute arbitrary code on the remote system.
Signature ID: 8006
OpenSSL V3 client large session ID buffer overflow
Threat Level: Warning
Industry ID: CVE-2002-0656 Bugtraq: 5363,5362 Nessus: 11060
Signature Description: OpenSSL is an open-source implementation of the SSL protocol. OpenSSL clients using SSLv3
prior to version 0.9.6e and pre-release version 0.9.7-beta2 contain a buffer overflow vulnerability. A malicious server
can exploit this by sending a large session ID to the client during the handshake process. A remote attacker may be able
to execute arbitrary code on the client system with the privileges of the current user.
Signature ID: 8008
Access to Vulnerable MDBMS Database Detected
Threat Level: Information
Industry ID: CVE-2000-0446 Bugtraq: 1252 Nessus: 10422
Signature Description: A vulnerability exists in the MDBMS database, up to and including version 0.99b6. By
supplying a line of sufficient length to the MDBMS server, containing machine executable code, it is possible for a
remote attacker to execute arbitrary commands. This rule detects any access to an MDBMS database
of version 0.99b6 or earlier.
Signature ID: 8009
Computer Associates BrightStor ARCserve Backup UniversalAgent Default Backdoor Account Access
Threat Level: Severe
Industry ID: CVE-2005-0349 Bugtraq: 12522 Nessus: 16390
Signature Description: Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery
application. The UniversalAgent module for UNIX listens on TCP/UDP port 6051 and is used to perform backups on
nodes across the network and is capable of backing up system settings as well as files. This agent service requires either
administrative credentials or a node-specific password. The software includes a hard-coded backdoor account with a
common authentication password. By authenticating with username "\x02root\x03" and password
"\x02<%j8U]`~+Ri\x03" (without quotes), a remote user can gain full access to the file system and execute arbitrary
commands with "root" privileges. Administrators are advised to close port 6051 to external users.
Signature ID: 8010
Computer Associates BrightStor ARCserve Backup UniversalAgent Default Backdoor Account Access
Threat Level: Severe
Industry ID: CVE-2005-0349 Bugtraq: 12522 Nessus: 16390