ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
username root. If this is followed by a login failure event, the root login did not succeed. However, if no failure
message is observed, this may indicate that the root login succeeded.
Signature ID: 9001
LPRng Format String Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0917
Bugtraq: 1712 Nessus: 10522
Signature Description: LPRng is an implementation of the Berkeley lpr print spooling utility. The LPRng daemon suffers
from a format string vulnerability. Using this vulnerability, an attacker can execute arbitrary commands on the server.
There are reports that this has been exploited to remotely elevate privileges. This vulnerability was tested on RedHat
7.0. Earlier versions are likely also vulnerable, as are other operating systems which ship with LPRng.
Signature ID: 9002
Possible FakeBO Buffer Overflow Attempt
Threat Level: Information
Nessus: 10066
Signature Description: The FakeBO service suffers from a buffer overflow vulnerability, which can be exploited by an
attacker. An attacker may connect to the service port, then send a specially crafted buffer which gives the attacker
shell access.
Signature ID: 9003
Gauntlet Firewall Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2000-0437 Bugtraq: 1234 Nessus: 10420
Signature Description: Due to integration flaws in Cyber Patrol software, a vulnerability exists when Cyber Patrol
software is integrated into the Network Associates Gauntlet firewall, versions 4.1, 4.2, 5.0 and 5.5. The firewall could
be vulnerable to a buffer overflow attack on port 8999, which may give shell access to anyone.
Signature ID: 9005
Libgtop_daemon Format String Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0927
Bugtraq: 3586 Nessus: 10812
Signature Description: The GNOME libgtop_daemon is used to monitor processes running on a remote Linux system
running GNOME. libgtop is vulnerable to a format string attack which may allow an attacker to cause stack
information to be written to the log file, and possibly lead to remote execution of arbitrary code.
Signature ID: 9006
NAI Management Agent Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2000-0447
Bugtraq: 1254 Nessus: 10425
Signature Description: The NAI WebShield SMTP Management tool is vulnerable to a buffer overflow which allows
an attacker to execute arbitrary code on the host by issuing a very long argument as a configuration parameter. In
addition to this, it allows an attacker to disable the service at will. To re-enable the service, the administrator has to run
regedit.