ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Server 2003, Microsoft Analysis Services 2000 (included with SQL Server 2000), and any third-party programs that
use PCT (MS04-011)
Signature ID: 11045
IMAP Ipswitch EXAMINE Argument Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0707 Bugtraq: 12780
Signature Description: Ipswitch Collaboration Suite (ICS) is a comprehensive communication and collaboration
solution for Microsoft Windows. The Ipswitch Collaboration Suite IMail IMAP service (IMAP4d32.exe version
12.8.27.14) is reported prone to a buffer overflow vulnerability. The overflow can be triggered by
passing an overly long string (about 259 bytes) as the argument to the "EXAMINE" command. The issue exists due to a
lack of sufficient boundary checks performed on arguments that are passed to the EXAMINE command. Upgrade to the
latest patches, which are available from the vendor's web site.
Signature ID: 11046
IMAP SELECT Command with Command Length Exceeding 200 Bytes
Threat Level: Severe
Industry ID: CVE-2006-1255 CVE-2005-3155 Bugtraq: 17138,15006 Nessus: 21116
Signature Description: The IMAP SELECT command selects a mailbox so that messages in the mailbox can be accessed.
Only one mailbox can be selected at a time in a connection. This rule triggers when an attempt is made to trigger a
buffer overflow associated with an IMAP product by using the SELECT command. In this case, a SELECT command with
an argument length exceeding 200 bytes causes this rule to hit. Products like MERCUR Messaging 2005 5.0 SP3 IMAP
Server are vulnerable to this type of attack. No remedy available as of July 6, 2008.
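The length condition described for signature 11046 can be checked against logged client commands as in the following added example, which is not the TMS zl module's own signature logic. The function names and sample traffic are constructed for illustration, and treating a declared IMAP literal size (`{N}`) as the argument length is an assumption that goes beyond what the description states.

```python
import re

# Threshold from the signature description: SELECT argument longer than 200 bytes.
MAX_SELECT_ARG = 200

# IMAP client command line: tag SP command [SP arguments]
_CMD = re.compile(rb"^(\S+) +([A-Za-z]+)(?: +(.*))?$", re.DOTALL)
# Literal announcement in place of the argument: {N}, or {N+} (non-synchronizing)
_LITERAL = re.compile(rb"^\{(\d+)\+?\}$")

def select_arg_length(line: bytes):
    """Return the SELECT argument length in bytes, or None if the line is not a SELECT."""
    m = _CMD.match(line.rstrip(b"\r\n"))
    if not m or m.group(2).upper() != b"SELECT":   # command names are case-insensitive
        return None
    arg = m.group(3) or b""
    lit = _LITERAL.match(arg)
    if lit:
        # The mailbox bytes arrive after this line; use the declared size (assumption).
        return int(lit.group(1))
    if len(arg) >= 2 and arg.startswith(b'"') and arg.endswith(b'"'):
        arg = arg[1:-1]   # surrounding quotes are syntax, not mailbox-name bytes
    return len(arg)

def scan(lines):
    """Return (line index, command tag, argument length) for each SELECT over the threshold."""
    hits = []
    for i, line in enumerate(lines):
        n = select_arg_length(line)
        if n is not None and n > MAX_SELECT_ARG:
            tag = line.split(b" ", 1)[0].decode("ascii", "replace")
            hits.append((i, tag, n))
    return hits

# Constructed sample client traffic (not captured from a real session).
SAMPLE = [
    b"a001 LOGIN user pass\r\n",
    b"a002 SELECT INBOX\r\n",
    b'a003 select "' + b"A" * 201 + b'"\r\n',   # quoted, 201 bytes: over threshold
    b"a004 SELECT " + b"B" * 200 + b"\r\n",     # exactly 200 bytes: not over
    b"a005 SELECT {4096}\r\n",                  # literal declaring 4096 bytes
    b"a006 EXAMINE " + b"C" * 300 + b"\r\n",    # different command, not this rule
]

if __name__ == "__main__":
    for idx, tag, n in scan(SAMPLE):
        print(f"line {idx}: tag={tag} SELECT argument {n} bytes > {MAX_SELECT_ARG}")
```
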
Signature ID: 11201
RedHat Linux IMAP iimapx-tekneeq/imapx-adm/imapd-ex buffer overflow
Threat Level: Information
Signature Description: Internet Message Access Protocol (IMAP) is a method of accessing electronic mail or bulletin
board messages that are kept on a mail server. The IMAP service implemented in RedHat Linux 4.1, 4.2 and 5.0, i.e.,
imapd versions 9.0, 10.166, 10.190, 10.205 and 10.223, is vulnerable to a buffer overflow that can be
exploited remotely. Successful exploitation of this attack will allow an attacker to execute remote code.
Signature ID: 11412
Message Queue Manager Buffer overflow
Threat Level: Information
Industry ID: CVE-2003-0995
Signature Description: Microsoft Windows 2000, XP and NT 4.0 are vulnerable to a buffer overflow attack in the
Message Queue Manager caused by improper bounds checking. The Message Queue Manager is accessible via the
Remote Procedure Call (RPC) service. A remote attacker could send a specially-crafted queue registration request to
overflow a buffer and execute arbitrary code on the system with Local System privileges and cause the RPC service to
crash.
Signature ID: 11414
Windows Microsoft Workstation Service remote buffer overflow UDP
Threat Level: Information
Industry ID: CVE-2003-0812 Bugtraq: 9011 Nessus: 11921
Signature Description: A buffer overflow vulnerability exists in the Microsoft Workstation service. A remote attacker
that can send a specially-crafted network message to the vulnerable system could exploit this vulnerability to execute
arbitrary code with system privileges. This buffer overflow bug is within network management functions provided by