TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
network and inviting computers to make use of its services. By sending a specially-malformed NOTIFY directive as a
unicast or multicast NOTIFY message, an attacker can overflow a buffer in the UPnP service to gain system level
privileges on the affected system or systems.
Signature ID: 12017
LCDproc is Running
Threat Level: Warning
Industry ID: CVE-2000-0295 Bugtraq: 1131 Nessus: 10378
Signature Description: LCDproc is a system that is used to display system information and other data on an LCD
display (or any supported display device, including curses or text). LCDproc version 4.0 and above uses a
client-server protocol, allowing anyone with access to the LCDproc server to modify the displayed content.
Signature ID: 12018
Microsoft Universal Plug and Play Simple Service Discovery Protocol Denial of Service
Vulnerability
Threat Level: Information
Industry ID: CVE-2001-0877 Bugtraq: 3724 Nessus: 11765
Signature Description: Universal Plug and Play (UPnP) is a capability that allows devices on a network to discover
other devices and determine how to work with them. The Simple Service Discovery Protocol (SSDP) is a component of
UPnP that allows a system to enumerate the resources of a newly installed network device on a UPnP network. On a
default installation of Windows XP/ME, an attacker who sends a malicious spoofed UDP packet containing an SSDP
advertisement can force the system to hang, causing a denial of service. Only default installations of Windows
XP/ME are affected by this kind of traffic.
Signature ID: 12019
NAI Management Agent Information leak Vulnerability
Threat Level: Information
Industry ID: CVE-2000-0448 Bugtraq: 1253 Nessus: 10424
Signature Description: The remote NAI WebShield SMTP Management tool discloses its configuration when it is
issued the GET_CONFIG command. This may be of use to an attacker, who gains more knowledge about the
system. Monitor this activity carefully, as it is suspicious.
Signature ID: 12020
IP Invalid TTL Option
Threat Level: Information
Signature Description: This rule triggers when an attempt is made to send a packet with a zero value in the IP
header TTL field. This is not a valid packet: in a valid IP packet, the TTL value is high enough to reach the
destination. This may be a traceroute packet or some other malicious attempt.
Signature ID: 12022
Oracle tnslsnr is Running with No Password
Threat Level: Warning
Nessus: 10660
Signature Description: Oracle Enterprise Server ships with a server program called listener, used for remote
database access. The remote Oracle tnslsnr has no password assigned by default. An attacker can use this to shut
the listener down arbitrarily, preventing legitimate users from using it properly.