TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
419
Signature Description: Macromedia Flash Media Server 2 software offers the unique combination of traditional
streaming media capabilities and a flexible development environment for creating and delivering innovative,interactive
media applications to the broadest possible audience.Flash media server uses TCP port 1111 for remote server
administration. An administrator can connect on this port and perform different tasks. It can be exploited by sending a
single character to the TCP port 1111, which results to server crash.
Signature ID: 10224
Mercury Mail Transport System MailBox Name Service Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-4411
Bugtraq: 16396
Signature Description: Mercury Mail Transport System is a mail server for Windows and Novell platforms. Mercury
Mail Transport System version 4.01b is vulnerable to a remotely exploitable buffer overflow. Mercury's Query Server
for Directory services (Phone book service), which runs on TCP port 105, contains a buffer overflow that can be
exploited to execute arbitrary code with SYSTEM privileges. According to RFC 2378, Phone book service is a client-
server mechanism where client issues few commands. By sending an overly long command to the default port 105 on
TCP, a remote attacker can crash the server or execute arbitary code. Upgrade to the latest version of the software
(version 4.1 or later). This rule may produce false positives if some other service other than Phone book service is
running on TCP port 105.
Signature ID: 10225
Microsoft Systems Management Server Remote Denial Of Service
Threat Level: Severe
Industry ID: CVE-2004-0728 Bugtraq: 10726
Signature Description: Microsoft System Management Server provide configuration management solution for windows
platform. It is widely deployed in medium and large network environments. Microsoft Systems Management Server
(SMS version 2.50.2726.0) is vulnerable to a remote denial of service vulnerability. By sending a specially-crafted
packets containing the string "RCH0####RCHE" followed by large number of chracters (over 130) to TCP port 2702, a
remote attacker could cause the service to crash.
Signature ID: 10226
WodSSHServer Key Exchange Algorithm String Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-2407 Bugtraq: 17958 Nessus: 21580
Signature Description: WodSSHServer is an SSH Server ActiveX component that gives the ability to easily add SSH2
(and SFTP) server capabilities to an application. A vulnerability has been identified in wodSSHServer ActiveX
Component, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer
overflow error when handling a specially crafted key exchange algorithm string received from an SSH client, which
could be exploited by remote attackers to compromise a vulnerable system. This signature checks the protocol
exchange packets for possible attack traffic.
Signature ID: 10227
WodSSHServer Key Exchange Algorithm String Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-2407
Bugtraq: 17958 Nessus: 21580
Signature Description: WodSSHServer is an SSH Server ActiveX component that gives the ability to easily add SSH2
(and SFTP) server capabilities to an application. A vulnerability has been identified in wodSSHServer ActiveX
Component, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer
overflow error when handling a specially crafted key exchange algorithm string received from an SSH client, which
could be exploited by remote attackers to compromise a vulnerable system. This signature checks the key exchange init
packets for possible attack traffic.