TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
425
Signature Description: Novell ZENWorks software suite is designed for managing desktops, laptops, servers, handheld
devices, etc. in a large enterprise. A stack based buffer overflow vulnerability exists in authentication protocol
implementation of Novell ZENworks Managemt Agent ZenRem32.exe. A remote attacker can follow the Type 1
authentication procedure to overflow the password field with a string that is longer than 32 bytes. Successful
exploitation causes a Denial of Service (DoS) condition or allow execution of malicious code. It may be possible for an
attacker to use these vulnerabilities to perform further related attacks against the system in the default configuration.
Administrators are advised to close the port 1761 to untrusted users.
Signature ID: 10247
Novell ZENworks Management Agent Type 1 Authentication Request Password Buffer
Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1543 Bugtraq: 13678
Signature Description: Novell ZENWorks software suite is designed for managing desktops, laptops, servers, handheld
devices, etc. in a large enterprise. Novell ZENworks Server Management 6.5 and prior versions are vulnerable to stack
based buffer overflow vulnerability. This vulnerability exists in authentication protocol implementation of Novell
ZENworks Management Agent ZenRem32.exe. A remote attacker can follow the Type 1 authentication procedure to
overflow the password field with a string that is longer than 32 bytes. Successful exploitation causes a Denial of
Service (DoS) condition or allow execution of malicious code. Administrators are advised to close the port 1761 to
untrusted users.
Signature ID: 10248
Novell ZENworks Management Agent Type 1 Authentication Request Password Buffer
Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1543 Bugtraq: 13678
Signature Description: Novell ZENWorks software suite is designed for managing desktops, laptops, servers, handheld
devices, etc. in a large enterprise. A stack based buffer overflow vulnerability exists in authentication protocol
implementation of Novell ZENworks Management Agent ZenRem32.exe. A remote attacker can follow the Type 1
authentication procedure to overflow the password field with a string that is longer than 32 bytes. Successful
exploitation causes a Denial of Service (DoS) condition or allow execution of malicious code. Administrators are
advised to close the port 1761 to untrusted users.
Signature ID: 10508
Possible FTP Conversion Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0997
Bugtraq: 2240
Signature Description: Some FTP servers provide a "conversion" service that pipes a requested file through a program,
before it is passed to the remote user (client). Under some configurations where this is enabled an attacker can pass a
filename beginning with a minus sign to FTP, which will pass this as an argument to the compression/archiver program
(where it will be erroneously treated as a command line argument other than a filename). It may be possible to exploit
this and execute commands on a remote machine. This rule triggers when a possible exploit of this vulnerability is seen
wherein TAR program is assumed to be called by using the following parameter "--use-compress-program" passed to
tar. Any executable can be appended at the end of this string to run on the server. The remote user must have access to
a writeable directory in order to exploit this. See exploit for details.