TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

411

412

413

414

415

416

417

418

419

420

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

415

Signature ID: 10175

RADIUS Digest Calculation Buffer Overflow Vulnerability

Threat Level: Information

Industry ID: CVE-2001-1376

Bugtraq: 3530

Signature Description: Remote Authentication Dial In User Service(RADIUS) is a networking protocol that provides

centralized access, authorization and accounting management for computers to connect and use a network service.

RADIUS Protocol is a denial of service vulnerability caused by a buffer overflow in the cal_acctdigest function.

When a message digest is calculated, the calc_acctdigest function allocates a 1024 byte buffer. This signature

detects when an attacker sending a packet containing exactly 1024 bytes. The successful exploitation of this

issue will allow an attacker to overflow a buffer and cause the server to crash or execute arbitrary code on the

system.

Signature ID: 10176

Access to Hosts.equiv with '+' Option

Threat Level: Information

Signature Description: The hosts.equiv (and .rhosts files) list hosts and users that are trusted by the local host when a

connection is made using the rshd service. The hosts.equiv file resides in the ROOTDIR/etc directory and lists the

remote machines that may connect to the local machine and the local user names those machines may connect as. The

target hosts.equiv may be misconfigured with a '+' in it, which would allow for users to rsh (or any other 'r' service for

that matter) into your host.

Signature ID: 10178

BNC IRC proxy Denial of Service Vulnerability

Threat Level: Information

Bugtraq: 7701

Signature Description: BNC(Bouncer) is an IRC(Internet Relay Chat) proxying server. It is used to relay traffic and

connection in computer networks, like a proxy. It forwards the information from the user to the server and vise versa. It

allows a user to hide the original source of the user's connection, providing privacy. It can also be used to hide the true

target to which a user connects. BNC, version 2.6.2, is a denial of service vulnerability. This signature detects when an

attacker send multiple invalid requests. This causes the service to stop accepting new requests. This issue is fixed in the

version 2.6.4. Administrators are advised to update the 2.6.4 version, which is available at vendor's web site.

Signature ID: 10182

Possible Kerberos IV Brute Force Attempt

Threat Level: Information

Industry ID: CVE-1999-0143 Bugtraq: 2351

Signature Description: The Kerberos Version 4 server is using a weak random number generator to produce session

keys. MIT Kerberos 4 4.0 is vulnerable to gain access vulnerability. On a computer of average speed, the session key

for a ticket can be broken in a maximum of 2-4 minutes, and sometimes in much less time. Using the Kerberos IV

Brute Force attack, the Kerberos IV Key Distribution Center (KDC) enables anyone to request a ticket-granting ticket.

Because certain parts of the ticket contents are known, and the ticket is encrypted with the user's password, attacker can

gain information.

Signature ID: 10184

MSDTC DoS by Flooding with Null Bytes

Threat Level: Critical

Industry ID: CVE-2002-0224

Bugtraq: 4006 Nessus: 10939

Signature Description: The Microsoft Distributed Transaction Service Coordinator (MSDTC) allows ditributed

transaction processing in a clustered or distributed environment. It is installed by default on Windows 2000, as well as