TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
442
Signature ID: 12023
Oracle tnslsnr Listner Program Vulnerable via SET TRC_FILE or SET LOG_FILE
Threat Level: Warning
Industry ID: CVE-2000-0818 Bugtraq: 1853
Signature Description: Oracle Enterprise Server ships with a server program called listener (tnslsnr) used for remote
database access. The default configuration of listener, which accepts remote commands from listener controllers, does
not require a password for authentication of remote connections. Due to this condition, unauthorized clients can
connect to and send certain commands to the listener. Two such commands are SET TRC_FILE and SET LOG_FILE
which allow the connecting client to tell the listener server what logfiles to use. By using these commands, the listener
program can be configured to append and/or overwrite logging and tracing information to any operating system file that
can be written by the Oracle owner, such as an alert file or a database file, and thereby corrupt an Oracle database and
potentially introduce malicious code into the operating system. Administrators are advised to close the port 1521 for
untrusted clients.
Signature ID: 12032
Access to PPTP Service
Threat Level: Information
Nessus: 10622
Signature Description: Windows PPTP (VPN) service allows remote users to connect to the internal network. This
service should be protect with encrypted username & password combinations, and should be accessible only to trusted
individuals. By default the service leaks out such information as Server version (PPTP version), Hostname and Vendor
string. This could help an attacker to better prepare her next attack.
Signature ID: 12033
Possible RealServer Memory Content Disclosure Attempt
Threat Level: Warning
Industry ID: CVE-2000-1181 Bugtraq: 1957 Nessus: 10554
Signature Description: RealServer (version 7 and below) discloses the content of its memory when GET
/admin/includes/ request is issued. It may disclose random pieces of the server's runtime memory which may contain
information on previous sessions including cookies, usernames, passwords and the port number where the
administrative server listens. This information may be used by a cracker to obtain administrative control on this server,
or to gain more knowledge about it.
Signature ID: 12034
Possible DoS Attempt on XTramail Server Admin Interface
Threat Level: Critical
Industry ID: CVE-1999-1511 Bugtraq: 791 Nessus: 10323
Signature Description: XtraMail 1.11 (or lower versions) suffers from several vulnerabilities due to unchecked buffers
sizes. When these vulnerabilities are exploited, it leads to crashing the server and cause a denial of service. One of such
vulnerability exists in XtraMail administration utility. XtraMail includes a remote administration utility which listens
on port 32000 for logins. The username buffer will be overflowed with a string of 10,000 characters or more. This rule
hits when system detects an attempt to overflow admin username.
Signature ID: 12035
CA Unicenter's File Transfer Service is running TCP:3104
Threat Level: Information
Nessus: 10032
Signature Description: CA Unicenter File Transfer Service uses TCP ports 3104, 4105 and UDP port 4104<br>for