ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94

Signature ID: 9039
CVS Double Free Heap Corruption Vulnerability
Threat Level: Warning
Industry ID: CVE-2003-0015
Bugtraq: 6650
Signature Description: CVS (Concurrent Versions System) is an open-source source code management and distribution
system available for most Linux and Unix-based operating systems. CVS versions 1.11.4 and earlier are prone to a
double free vulnerability in the handling of Directory requests, which could allow a remote attacker to cause
dynamically allocated memory segments to be released twice. An attacker may take advantage of this issue to
corrupt heap memory with attacker-supplied values, which may result in execution of arbitrary code.

Signature ID: 9040
Racoon IKE Daemon Security Associations Deletion Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0164
Bugtraq: 9416
Signature Description: Internet Key Exchange (IKE) is the protocol used to set up a security association (SA) in the
IPsec protocol suite. Racoon, the IKE daemon developed by KAME, can be made to delete SAs upon receiving a specially
crafted message. To send data using IPsec, a Security Association (SA) needs to exist. When an SA is not set up and
Racoon receives a delete message containing the initiator cookie of a main/aggressive/base mode, it fulfills the
request if the message also includes a (dummy) hash payload and originates from the right IP address. The IKE daemon
deletes the IPsec SA specified by the SPI (Security Parameters Index) and associated IPsec SAs. A remote attacker
could send a specially crafted ISAKMP message from a specific IP address to delete arbitrary IPsec SAs.

Signature ID: 9042
ISAKMP first payload certificate request length overflow attempt
Threat Level: Warning
Industry ID: CVE-2004-0040
Bugtraq: 9582
Signature Description: ISAKMP (Internet Security Association and Key Management Protocol) is a protocol for
establishing Security Associations (SA) and cryptographic keys in an Internet environment. The protocol is defined by
RFC 2408. A virtual private network (VPN) is a computer network in which some of the links between nodes are carried
over a public network. Check Point Software Technologies Ltd. provides VPN solutions using ISAKMP. A stack-based
buffer overflow in the handling of large Certificate Request payload exchanges in Check Point VPN-1 Server 4.1
through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to
execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.

Signature ID: 9044
Racoon IKE Daemon INITIAL-CONTACT Message Security Associations Deletion Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0164
Bugtraq: 9417, 9416
Signature Description: Internet Key Exchange (IKE) is the protocol used to set up a security association (SA) in the
IPsec protocol suite. Racoon, the IKE daemon developed by KAME, can be made to delete SAs upon receiving a specially
crafted message. Upon receipt of an INITIAL-CONTACT status notification that is chained to a specific payload, the
IKE daemon deletes the IPsec SA that is pointing to the source IP address of the ISAKMP message, along with
associated IPsec SAs. A remote attacker could send a specially crafted ISAKMP message from a specific IP address to
delete arbitrary IPsec SAs.