Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
31323334353637383940
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
40
Signature ID: 217
OmniHTTPd visadmin exploit vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0970 Bugtraq: 1808 Nessus: 10295
Signature Description: A computer program that is responsible for accepting HTTP requests from clients and serving
them HTTP responses along with optional data contents is known as a webserver. The Common Gateway Interface
(CGI) is a standard protocol for interfacing external application software with an information server, commonly a web
server. OmniHTTPD is a web-server offered by Omnicron for the MS Windows platform. OmniHTTPD 1.1 to 2.0
Alpha 1(inclusive) are vulnerable to a denial of service attack. When the "visiadmin.exe" program is executed via CGI
with the argument "user=guest", it creates temporary files until the hard drive fills. The files then need to be manually
removed before anything can be written to the disk.
Signature ID: 218
VirusWall's catinfo BUFFER overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0432 Bugtraq: 2579 Nessus: 10650
Signature Description: Interscan Viruswall(Linux) is a Virus scanning software package distributed and maintained by
Trend Micro for the Llinux operating system. It is designed to scan for virus occurances in both incoming and outgoing
traffic via SMTP, FTP, and HTTP at the gateway of the network. A problem with the software package could lead
elevated privileges on the scanning system. The management interface used with the Interscan Viruswall uses several
programs in a cgi directory that contain buffer overflows. Additionally, the http daemon used to execute these programs
runs as root, and does not sufficiently control access to the programs, allowing a user to execute them directly.
Therefore, it is possible for a remote user to exploit buffer overflows in the cgi programs packaged with Interscan
Viruswall, and execute arbitrary commands are root on the system hosting Viruswall.
Signature ID: 219
W3-msql overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0012 Bugtraq: 898 Nessus: 10296
Signature Description: A Computer Database is a structured collection of records or data that is stored in a computer
system. A Relational database management system (RDBMS) is computer software that is based on the relational
model designed for the purpose of managing databases. Mini SQL (mSQL) is a light weight relational database
management system. w3-msql is a cgi-program shipped with Mini-SQL which acts as a web interface for mSQL. In
Hughes Technologies Mini SQL (mSQL) 2.0.11 there are a number of buffer overflow vulnerabilities in w3-msql
program,one of which is exploitable. The exploitable buffer is the content-length field and the stack is overflowed
inside of a scanf() call. As a result, it is possible to execute arbitrary code remotely as the uid of the webserver (usually
nobody).
Signature ID: 220
Way-board CGI Access vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0214 Bugtraq: 2370 Nessus: 10610
Signature Description: A message board system is a program that allows people to leave public messages on a website.
Way-Board is a is a popular korean message board system. In Way-Board 2.0, a remote user could gain read access to
known files outside the root directory where Way-Board resides by requesting a known file in a specially crafted URL
that terminates with a '%00' sequence.