TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
service which may include domain-wide administrative rights. Upgrade to the latest version of software as listed in
VERITAS Software Support Document ID: 273419.
Signature ID: 9067
Volition Freespace 2 Game Client Remote Buffer Overflow
Threat Level: Information
Bugtraq: 9785
Signature Description: FreeSpace 2 is a 1999 space combat simulation computer game developed by Volition, Inc. as
the sequel to Descent: FreeSpace — The Great War. Volition Freespace 2 versions 1.20 and prior are prone to a
remote buffer overflow vulnerability that could allow remote attackers to execute arbitrary code on a vulnerable system
in order to gain unauthorized access. This vulnerability can be exploited by sending a server name of 180 characters or
more to a vulnerable client. When the client reads in the string, sensitive regions of memory may be corrupted with
attacker-supplied values.
Signature ID: 9068
Microsoft Windows Internet Naming Service Buffer Overflow (TCP)
Threat Level: Information
Industry ID: CVE-2003-0825 Bugtraq: 9624 Nessus: 12051,15912
Signature Description: Microsoft Windows Internet Name Service (WINS) is prone to a remotely exploitable buffer
overflow condition. Sending a series of specially crafted packets to the service could cause it to fail. On some Windows
platforms, this could also lead to execution of arbitrary code.
Signature ID: 9069
Microsoft Windows Internet Naming Service Buffer Overflow (UDP)
Threat Level: Information
Industry ID: CVE-2003-0825 Bugtraq: 9624 Nessus: 12051,15912
Signature Description: Windows Internet Name Service (WINS) is Microsoft's implementation of NetBIOS Name
Service (NBNS), a name server and service for NetBIOS computer names. The Windows Internet Naming Service
(WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate
the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
On some Windows platforms, this could also lead to execution of arbitrary code.
Signature ID: 9070
Microsoft WINS Association Context Pointer Hijack Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-1080 CVE-2004-0567 Bugtraq: 11763,11922 Nessus: 15962,15970
Signature Description: Microsoft Windows Internet Naming Service (WINS) provides a mapping between IP addresses
and NetBIOS names. WINS provides a distributed database for registering and querying dynamic NetBIOS name to
IP address mappings in a routed network. One or more WINS servers can exchange this information to update their
databases by using a feature called WINS replication. By default, information exchange between WINS servers
(replication) happens on TCP port 42, using a Microsoft proprietary protocol. A remotely exploitable buffer
overflow vulnerability exists in the handling of Microsoft Windows Internet Naming Service (WINS) replication
protocol packets. Connection information for replication peers is stored in a data structure called the association
context. The header part of the packet contains a pointer to this association context data structure, which falls in a
particular range for various kinds of Windows versions. A malicious packet whose association context pointer
points to an alternate address, and which carries an excess amount of data, can overflow a buffer and allow arbitrary
code to be executed. Administrators are advised to install the updates mentioned in MS04-045. Also open port 42
for trusted users only.