TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

communication between its clients and other CA Unicenter servers. This rule detects whether any CA Unicenter File
Transfer service accepts connections from an external network, since such access is suspicious and may lead to
exploitation.
Signature ID: 12036
Access to Alcatel PABX 4400
Threat Level: Information
Industry ID: CVE-2002-1691 Bugtraq: 4127 Nessus: 11019
Signature Description: Alcatel is one of the leading companies providing IP-enabled IP-PBX systems. The Alcatel PABX
4400 can be configured through the serial port or over TCP port 2533. Due to the sensitivity of the information, no
access to this device should be allowed from an external network. This rule hits when the IPS device detects an attempt
to connect to the Alcatel PABX from an external network.
Signature ID: 12037
Access to Netware NDS Object
Threat Level: Information
Nessus: 10988
Signature Description: If the Novell Netware server has browse rights on the PUBLIC object, it is possible to
enumerate all NDS objects, including users, with crafted queries. An attacker can use this to gain information about this
host.
Signature ID: 12038
PC Anywhere Service is Running
Threat Level: Warning
Industry ID: CVE-1999-0508 Nessus: 10798,10747
Signature Description: pcAnywhere is industry-leading remote control software that features remote management
paired with file transfer capabilities. pcAnywhere has the ability to help quickly resolve server support issues. The
pcAnywhere service does not require a password to access the system. When a legitimate user logs on to the system on
TCP port 5631, a remote attacker could hijack his session. pcAnywhere version 9.0 is vulnerable.
Signature ID: 12039
Multiple Vendor CDE dtspcd Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0803 Bugtraq: 3517 Nessus: 10833
Signature Description: Common Desktop Environment (CDE) is a Motif-based graphical user environment for Unix
systems. It is shipped with a number of commercial Unix operating systems. A remotely exploitable buffer overflow
vulnerability exists in the CDE Subprocess Control Service (dtspcd), which accepts requests from clients to execute
commands and launch applications remotely. The server daemon makes a function call to a shared library,
libDTSvc.so.1, that contains a buffer overflow condition in the client connection negotiation routine. The buffer
overflow can be exploited by a specially crafted CDE client request. dtspcd servers from several vendors are affected
by this vulnerability. Install the patch released by your vendor or contact the vendor for patch information.
Signature ID: 12041
Attempt to Gain LDAP Config
Threat Level: Information
Signature Description: A potential attacker can gain information about the LDAP server by accessing the LDAP
configuration. The configuration information can show what sort of backend is being used. This rule detects such
access from an external network, which is suspicious.