TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
403
Signature Description: Ethereal is a free packet sniffer computer application. It is used for network troubleshooting,
analysis, software and communications protocol development, and education. A remote buffer-overflow vulnerability
reportedly affects Ethereal 0.10.9 and earlier because it fails to securely copy network-derived data into sensitive
process buffers. The specific issue resides in the 'dissect_a11_radius' function in the CDMA A11 (3G-A11) dissector-
'packet-3g-a11.c'. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that
activated the vulnerable application. This signature detects attacks on MSID field for registration in RADIUS packets.
Signature ID: 9063
Ethereal RADIUS dissector buffer overflow vulnerability
Threat Level: Information
Industry ID: CVE-2005-0699
Bugtraq: 12759
Signature Description: Ethereal is a free packet sniffer computer application. It is used for network troubleshooting,
analysis, software and communications protocol development, and education. A remote buffer-overflow vulnerability
reportedly affects Ethereal 0.10.9 and earlier because it fails to securely copy network-derived data into sensitive
process buffers. The specific issue resides in the 'dissect_a11_radius' function in the CDMA A11 (3G-A11) dissector-
'packet-3g-a11.c'. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that
activated the vulnerable application. This signature detects attacks on vendor attribute type in RADIUS packets.
Signature ID: 9064
SecureCRT SSH Identifier String Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2002-1059 Bugtraq: 5287
Signature Description: SecureCRT is an SSH client that supports X-session forwarding and secure file transfer
developed by VanDyke's Software. SecureCRT versions 3.4 and 4.0 Beta are vulnerable to a buffer overflow while
checking the version string sent by SSH server. Usually once a TCP connection is established to SSH server, it
responds with a SSH protocol version string. If a malicious server responds with a long version identifier string
SecureCRT doesn't handle it properly while copying the long string and hence buffer overflow occurs. A remote
attacker in control of a malicious SSH server could execute arbitrary code with privileges of the SecureCRT
application. Upgrade to latest version of SecureCRT available from VanDyke's website.
Signature ID: 9065
Solaris lpd Remote Command Execution
Threat Level: Information
Bugtraq: 3274
Signature Description: The print protocol daemon in 'in.lpd' (or 'lpd'), shipped with Sun Solaris 2.0 to Sun Solaris 8.0
versions are vulnerable to Remote Command Execution.This allow remote attackers to execute arbitrary commands on
target hosts with superuser privileges.
Signature ID: 9066
Veritas Backup Exec Agent Browser Registration Request Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-1172 Bugtraq: 11974
Signature Description: Backup Exec is backup software for Microsoft Windows environments developed by Veritas. A
stack based buffer overflow exists in Veritas Backup Exec 8.x (prior to 8.60.3878 Hotfix 68), and 9.x (prior to 9.1.4691
Hotfix 40). The Backup Exec Agent Browser is a server component that monitors port 6101/TCP for available agents
on the network. To register as a client with the server they have to send a registration request which contains host name
and connecting port of client. The vulnerability is caused by improper bounds checking by the Agent Browser service
when handling incoming registration requests with large host name string. By sending a malicious registration request,
a remote attacker may be able to crash affected systems or execute arbitrary code with the privileges of the running