TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
421
computer. The Veritas Backup Exec package provides both an RPC service, and DCOM request handler through
beserver.exe. The Backup Exec Server service registers an RPC interface on a TCP endpoint with ID 93841fd0-16ce-
11ce-850d-02608c44967b on port 6106. An access validation vulnerability exists in Veritas Backup Exec Server for
Windows. Unauthenticated remote attackers can connect to this interface by sending crafted Distributed Computing
Environment Remote Procedure Call (DCERPC) requests to affected backup servers. Successful exploitation allows
remote attackers to access the Windows registry on the backup server with administrator privileges. Administrators are
advised to close the port 6106 for external users.
Signature ID: 10232
PostgreSQL make_select_stmt Function arbitrary Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0247 Bugtraq: 12417
Signature Description: PostgreSQL is an open-source relational database management system (DBMS) that supports
SQL constructs. PostgreSQL 8.0.1 and earlier contains a vulnerability while handling large number of INTO variables
in a SELECT statement in the make_select_stmt function. By sending a specially-crafted query containing arbitrary
variables in a SQL statement, a remote attacker could overflow a buffer and execute arbitrary code on the system with
user privileges. Administrators are advised to close the ports 5432 and 5321 to external users
Signature ID: 10233
PostgreSQL make_select_stmt Function arbitrary Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0247 Bugtraq: 12417
Signature Description: PostgreSQL is an open-source relational database management system (DBMS) that supports
SQL constructs. PostgreSQL 8.0.1 and earlier contains a vulnerability while handling large number of INTO variables
in a SELECT statement in the make_select_stmt function. By sending a specially-crafted query containing arbitrary
variables in a SQL statement, a remote attacker could overflow a buffer and execute arbitrary code on the system with
user privileges. Administrators are advised to close the ports 5432 and 5321 to external users.
Signature ID: 10234
Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1018
Bugtraq: 13102
Signature Description: Computer Associates BrightStor ARCserve Backup products provide backup services for
Windows, NetWare, Linux and UNIX. The BrightStor software uses a network agent callede Universal agent to
perform backups on nodes across the network. The module, UnivAgent.exe listens on TCP and UDP ports 6050 by
default. A buffer overflow vulnerability exists in Universal agent caused by failure of the application to securely copy
data from the network. By connecting to TCP port 6050 and sending a specially-crafted string that precedes an option
field setting of 0, 3, or 1000, a remote attacker could overflow a buffer. The service won't crash as the agent software
includes its own exception handler and when each time overflow occurs the handler will restore the service back to an
operating state. Since the software is in operating state the heap memory allocated to request message won't be
released. Sending many crafted requests may cause denial of service or allow execution of arbitrary code. Successful
exploitation of this vulnerability allows for a remote unauthenticated compromise with system level access.
Administrators are advised to close the port 6050 for untrusted clients.
Signature ID: 10235
MySQL MaxDB Webtool HTTP UNLOCK Request If Parameter Stack Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1274 Bugtraq: 13378