TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
399
Signature ID: 9030
Knox Arkeia Network Backup Client Type 84 Request Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0491
Bugtraq: 12594
Signature Description: Knox Arkeia Network Backup Client is an application designed to provide data protection for
Microsoft Windows and Unix-based operating systems. A stack based buffer overflow vulnerability exists in the binary
arkeiad.exe of the Arkeia Network Backup Client versions 5.3.4 and prior. The issue occurs due to insufficient bounds
checking performed when handling data contained within a type 84 request packet. A remote attacker can exploit this
vulnerability by constructing a specially crafted Type 84 (0x4D) request packet with length field setting to more than
256 bytes and sending it to TCP port 617. Successful exploitation results in execution of arbitrary code with root or
LocalSystem privileges. Adminsitrators are advised to update the software.
Signature ID: 9031
Bontago Game Server Nickname Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0501 Bugtraq: 12603
Signature Description: Bontago is a strategy game running on Microsoft Windows. Bontago versions 1.1 and earlier
are vulnerable to a buffer overflow, caused by improper bounds checking in the handling of nicknames. By sending an
overly long nickname containing more than 512 bytes, a remote attacker could overflow a buffer and execute arbitrary
code on the system.
Signature ID: 9032
Computer Associates License Server/Client GCR CHECKSUMS Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0581 Bugtraq: 12705
Signature Description: The Computer Associates License Client/Server applications provide a method for CA products
to register their licenses on the network. A buffer overflow vulnerability exists in Computer Associates License
Server/Client versions 1.53 to 1.61.8. GCR message is used to communicate between the license server and client for
various information exchange. The vulnerability specifically exists due to insufficient bounds checking on user-
supplied values in GCR CHECKSUMS packet. By constructing specially crafted GCR CHECKSUMS packet by
setting the second or fifth or eigth or eleventh parameter to a large string and sending it to the license server/client
results in stack overflow. Successful exploitation allows remote attackers to execute arbitrary code under the privileges
of Local System. Administrators are advised to close the ports 10202, 10203 and 10204 for external users.
Signature ID: 9033
Computer Associates License Server/Client GCR NETWORK Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0581 Bugtraq: 12705
Signature Description: The Computer Associates License Client/Server applications provide a method for CA products
to register their licenses on the network. A buffer overflow vulnerability exists in Computer Associates License
Server/Client versions 1.53 to 1.61.8. GCR message is used to communicate between the license server and client for
various information exchange. The vulnerability specifically exists due to insufficient bounds checking on user-
supplied values in GCR NETWORK packet. By constructing specially crafted GCR NETWORK packet by setting the
IP address or hostname or netmask fields to a large string and sending it to the license server/client results in stack
overflow. Successful exploitation allows remote attackers to execute arbitrary code under the privileges of Local
System. Administrators are advised to close the ports 10202, 10203 and 10204 for external users.