TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 9007
OpenSSH 2.3.1 authentication bypass vulnerability
Threat Level: Warning
Bugtraq: 2356 Nessus: 10608
Signature Description: OpenSSH version 2.3.1 is vulnerable to a flaw that allows an attacker who can obtain the
public key of a valid SSH user to log into this host without any authentication.
Signature ID: 9008
Rwhois format string attack
Threat Level: Warning
Industry ID: CVE-2001-0838 Bugtraq: 3474 Nessus: 10790
Signature Description: The rwhois daemon is vulnerable to a format string attack when supplied malformed arguments
to a '-soa' request. An attacker may use this flaw to gain a shell on this host.
Signature ID: 9009
Access on Vulnerable rwhois port
Threat Level: Information
Nessus: 10804
Signature Description: This rule informs the administrator of an attempt to connect to an rwhois server. A few
versions of this service are vulnerable to a format string attack when an attacker supplies malformed arguments
(such as %p%p%p) to a request. An attacker may use this flaw to gain a shell on this host.
Signature ID: 9010
Access to Vulnerable SSH 3.0.0 from Outside
Threat Level: Warning
Industry ID: CVE-2001-0553 Bugtraq: 3078 Nessus: 10708
Signature Description: SSH 3.0.0 has a bug which allows any user to log into accounts whose password entry is two
characters long or less. An attacker may gain root privileges using this flaw. This rule alerts the administrator about
any access that is made to the SSH server running the vulnerable version 3.0.0 software.
Signature ID: 9011
NAI Management Agent overflow
Threat Level: Warning
Industry ID: CVE-2000-0447 Bugtraq: 1254 Nessus: 10425
Signature Description: The remote NAI WebShield SMTP Management tool is vulnerable to a buffer overflow which
allows an attacker to execute arbitrary code on this host when it is issued an overly long argument as a configuration
parameter. In addition to this, it allows an attacker to disable the service at will. To re-enable the service, execute
regedit and edit the registry key 'Quarantine_Path' under HKLM\SOFTWARE\Network Associates\TVD\WebShield
SMTP\MailScan: change its value from 'XXX...XXX' to the valid path to the quarantine folder, then restart the service.
Signature ID: 9012
AFP FPLoginExt username buffer overflow attempt
Threat Level: Severe
Industry ID: CVE-2004-0430 Bugtraq: 10271
Signature Description: AppleFileServer is prone to a remote buffer overflow vulnerability that may allow a remote
attacker to execute arbitrary code in order to gain unauthorized access. The vulnerability is exposed when the
application receives a 'LoginExt' packet containing a malformed 'PathName' argument. Apple Mac OS X 10.3.3 and
prior are reported to be prone to this issue.