ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: MySQL MaxDB is a heavy-duty, SAP-certified open source database. MaxDB ships with Webtool, a web-based application interface that acts as an HTTP server. The If header is part of WebDAV; its purpose is to describe a series of state lists. If the state of the resource to which the header is applied does not match any of the specified state lists, then the request MUST fail. A remote buffer overflow vulnerability exists in the way the Webtool component handles the 'If' parameter string for the UNLOCK method in an HTTP request. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. An attacker may exploit this issue by sending a malicious HTTP UNLOCK request along with a long If parameter to the MaxDB Webtool default port, 9999. Successful exploitation may allow execution of arbitrary code with the privileges of the user that activated the vulnerable application.
Signature ID: 10236
Novell ZENworks Management Agent Type 1 Authentication Request Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1543 Bugtraq: 13678
Signature Description: The Novell ZENworks software suite is designed for managing desktops, laptops, servers, handheld devices, etc. in a large enterprise. Novell ZENworks Server Management 6.5 and prior versions are vulnerable to a stack-based buffer overflow. The vulnerability exists in the authentication protocol implementation of the Novell ZENworks Management Agent, ZenRem32.exe. A remote attacker can follow the Type 1 authentication procedure to overflow the password field with a string that is longer than 32 bytes. Successful exploitation causes a Denial of Service (DoS) condition or allows execution of malicious code. It may be possible for an attacker to use these vulnerabilities to perform further related attacks against the system in the default configuration. Administrators are advised to close port 1761 to untrusted users.
Signature ID: 10237
PeerCast URL Format String Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1806 Bugtraq: 13808
Signature Description: PeerCast is an open source streaming media multicast tool. A remotely exploitable format string vulnerability exists in PeerCast versions 0.1211 and prior. The vulnerability is due to a format string error when handling specially crafted HTTP requests (over TCP port 7144), which may be exploited by remote attackers to crash or compromise a vulnerable server. Administrators are advised to upgrade to the latest version of PeerCast (0.1212 or later).
Signature ID: 10238
HP OpenView Radia Notify Daemon Command Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1825 Bugtraq: 13835
Signature Description: HP OpenView Radia is desktop management software designed for Windows- and Unix-based operating systems. The Radia Notify Daemon (radexecd) is a server that listens for commands on TCP port 3465 and executes them on behalf of an administrator or another Radia process. The Notify Daemon is vulnerable to a remote buffer overflow while copying the received command to a local buffer. radexecd accepts requests of the form <callback port>\0<username>\0<password>\0<command>\0 (where \0 is a NULL delimiter/terminator). By sending a specially-crafted command that is longer than 516 bytes to the RADEXECD component, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the RADEXECD process. Administrators are advised to close port 3465 to untrusted users.
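The radexecd request layout described above can be checked field by field on the defender's side. The following is an added example, not part of the original guide and not the signature's actual implementation; the function names, class name and sample payloads are hypothetical and constructed for illustration.

```python
# Added example: field-length check for payloads sent to radexecd (TCP port 3465).
# The request layout and the 516-byte figure come from the signature description;
# all names and sample payloads below are hypothetical / constructed.
from typing import NamedTuple, Optional

MAX_COMMAND_LEN = 516  # per the description, longer commands overflow the buffer


class NotifyRequest(NamedTuple):
    callback_port: bytes
    username: bytes
    password: bytes
    command: bytes


def parse_notify_request(payload: bytes) -> Optional[NotifyRequest]:
    """Split <callback port>\\0<username>\\0<password>\\0<command>\\0.

    Returns None when fewer than four fields are present. A missing final
    NUL is tolerated so an unterminated command is measured, not ignored.
    """
    parts = payload.split(b"\x00", 3)
    if len(parts) < 4:
        return None
    port, user, password, rest = parts
    command = rest.split(b"\x00", 1)[0]
    return NotifyRequest(port, user, password, command)


def check_payload(payload: bytes) -> str:
    """Classify one client payload: 'malformed', 'oversize-command' or 'ok'."""
    req = parse_notify_request(payload)
    if req is None or not req.callback_port.isdigit():
        return "malformed"
    if len(req.command) > MAX_COMMAND_LEN:
        return "oversize-command"
    return "ok"


# Constructed sample payloads (not captured traffic).
PREFIX = b"3466\x00admin\x00secret\x00"
SAMPLES = {
    "normal": PREFIX + b"example-command\x00",
    "boundary": PREFIX + b"A" * 516 + b"\x00",
    "oversize": PREFIX + b"A" * 517 + b"\x00",
    "unterminated": PREFIX + b"A" * 600,
    "truncated": b"3466\x00admin\x00",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:13s} {check_payload(data)}")
```
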