ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 9071
EMule DecodeBase16 Function Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-1892
Bugtraq: 10039
Signature Description: eMule is a peer-to-peer file sharing application for Microsoft Windows. eMule version 0.42d is
vulnerable to a stack-based buffer overflow, caused by a vulnerability in the DecodeBase16 function. This function
decodes a supplied hexadecimal string and stores the result in the destination buffer. No length check is performed on
the input string or on the destination buffer, leading to a stack overflow. A remote attacker can exploit this
vulnerability to execute arbitrary code on an affected system by sending a crafted IRC SendLink request. Users are
advised to upgrade to a newer version.
Signature ID: 9072
PLD Software Ebola PASS Buffer Overflow
Threat Level: Information
Bugtraq: 9156
Signature Description: A buffer overflow condition is present in the authentication mechanism implemented in
Ebola. The condition is due to the use of the C library function sprintf() to construct an error message when
authentication is not successful. The vulnerability is remotely exploitable.
Signature ID: 9073
PLD Software Ebola USER Buffer Overflow
Threat Level: Information
Bugtraq: 9156
Signature Description: A buffer overflow condition is present in the authentication mechanism implemented in
Ebola. The condition is due to the use of the C library function sprintf() to construct an error message when
authentication is not successful. The vulnerability is remotely exploitable. This rule triggers when there is an
overflow in the USER field at authentication time.
Signature ID: 9074
Gobbles SSH exploit attempt
Threat Level: Information
Industry ID: CVE-2002-0639
Bugtraq: 5093
Nessus: 11031
Signature Description: An integer overflow vulnerability exists in sshd in OpenSSH 2.9.9 through 3.3. This allows
remote attackers to execute arbitrary code during challenge-response authentication
(ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
Signature ID: 9075
Kadmind buffer overflow attempt
Threat Level: Information
Industry ID: CVE-2002-1226 CVE-2002-1225
Bugtraq: 5731
Signature Description: Heimdal Kerberos Forwarding Daemon is vulnerable to buffer overflow attacks. The Heimdal
Kerberos Forwarding Daemon does not properly check information sent from a client to a server for the termination of
strings. As this information is often passed to additional programs that may be executed with elevated privileges, it
could be possible to exploit a buffer overflow in one of these programs.