TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 9077
Ssh CRC32 overflow vulnerability
Threat Level: Information
Industry ID: CVE-2001-0144 CVE-2002-1024 Bugtraq: 2347,5114 Nessus:
10972,10607,11381,11382
Signature Description: An integer-overflow bug in the CRC32 compensation attack detection code may allow remote
attackers to write values to arbitrary locations in memory. This would occur in situations where large SSH packets are
received by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer.
The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really
low value). SSH protocol version 1.5 is vulnerable to an integer overflow. Upgrade; patches are available from
vendors' web sites.
Signature ID: 9079
Winamp XM module name overflow
Threat Level: Warning
Signature Description: Winamp is vulnerable to heap overflow attacks. Due to a lack of boundary checking
within the code responsible for loading Fasttracker 2 ('.xm') mod media files in the Winamp media plug-in
'in_mod.dll', it is possible to make Winamp overwrite arbitrary heap memory and reliably cause an access violation
within the ntdll.RtlAllocateHeap() function. When properly exploited, this allows an attacker to write any value to a
memory location of their choosing. In doing so, the attacker can gain control of Winamp's flow of execution to run
arbitrary code. This code will run in the security context of the logged-on user.
Signature ID: 9080
Computer Associates BrightStor ARCServe and Enterprise Backup Agent Buffer Overflow
Threat Level: Severe
Industry ID: CVE-2005-1272 Bugtraq: 14453 Nessus: 19387
Signature Description: Computer Associates BrightStor ARCServe Backup is a cross-platform backup and recovery
application. Backup Agents are available to provide backup support for additional applications, such as Microsoft SQL
Server, Oracle, SAP R/3, and Microsoft Exchange. BrightStor ARCserve Backup Agent for Microsoft SQL Server is a
component of the BrightStor ARCserve Backup system for handling backups of Microsoft SQL server data. A buffer
overflow vulnerability exists in various versions of Computer Associates BrightStor ARCserve and Enterprise Backup
Agents. The BrightStor ARCserve Backup Agent for Microsoft SQL Server suffers a stack-based
buffer overflow when a string with a length over 3168 bytes is sent to the agent's listening port, 6070 (default).
Successful exploitation allows remote attackers to execute arbitrary code with SYSTEM-level privileges.
Administrators are advised to close port 6070 to untrusted users.
Signature ID: 10003
Access to Amanda Ports
Threat Level: Information
Nessus: 10462
Signature Description: AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system
that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to a single
large capacity tape drive. AMANDA uses native dump and/or GNU tar facilities and can back up a large number of
workstations running multiple versions of Unix. The Amanda client version gives potential attackers additional
information about the system they are attacking.