TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
451
is a suspicious activity.An SQL database server that may result in a serious compromise of the data stored on that
system.
Signature ID: 12096
Buffer Overflow while parsing IRC traffic in Ettercap
Threat Level: Warning
Signature Description: This rule triggers when an attempt is made to exploit a buffer overflow vulnerability in Ettercap
version 0.6.2 and prior. Buffer overflow occurs while parsing the IRC traffic for 'nick' passwords. This is as a result of
an unchecked string copy of the captured password in the packet into a buffer used to store all retrieved passwords.
This enables a remote attacker to execute code of their choice as root on the compromised host.
Signature ID: 12097
AIX pdnsd Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0745 Bugtraq: 590,3237
Signature Description: This rule triggers when an attempt is made to overflow a buffer in the IBM Program Database
Name Server Daemon (PDNSD). The Source Code Browser's Program Database Name Server Daemon (pdnsd)
component of the C Set ++ compiler for AIX version 3.x contains a remotely exploitable buffer overflow. This
vulnerability could allow local or remote attackers to compromise root privileges on vulnerable systems.
Signature ID: 12098
Linux mountd program buffer overflow vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0002 Bugtraq: 121
Signature Description: This rule hits for the attack pattern "eb 40 5E 31 c0 40 89 46 04 89 c3 40 89 06" towards 635
destination port.NFS is used to share files among different computers over the network using a client/server paradigm.
There is a vulnerability in some implementations of the software that handles NFS mount requests (the mountd
program). Specifically, it is possible for an intruder to overflow a buffer in the area of code responsible for logging
NFS activity. Intruders who exploit the vulnerability are able to gain administrative access to the vulnerable NFS file
server. Affected versions include Caldera OpenLinux Standard 1.2, RedHat Linux 2.0, 2.1, 3.0.3, 4.0, 4.1, 4.2, 5.0, 5.1.
Signature ID: 12099
Linux mountd program buffer overflow vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0002 Bugtraq: 121
Signature Description: This rule hits for attack pattern "eb 56 5E 56 56 56 31 d2 88 56 0b 88 56 1e" towards 635
port.NFS is used to share files among different computers over the network using a client/server paradigm. There is a
vulnerability in some implementations of the software that handles NFS mount requests (the mountd program).
Specifically, it is possible for an intruder to overflow a buffer in the area of code responsible for logging NFS activity.
Intruders who exploit the vulnerability are able to gain administrative access to the vulnerable NFS file server. Affected
versions include Caldera OpenLinux Standard 1.2, RedHat Linux 2.0, 2.1, 3.0.3, 4.0, 4.1, 4.2, 5.0, 5.1.
Signature ID: 12100
Linux mountd program buffer overflow vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0002 Bugtraq: 121
Signature Description: NFS is used to share files among different computers over the network using a client/server
paradigm. There is a vulnerability in some implementations of the software that handles NFS mount requests (the
mountd program). Specifically, it is possible for an intruder to overflow a buffer in the area of code responsible for