TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

451

452

453

454

455

456

457

458

459

460

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

452

logging NFS activity. Intruders who exploit the vulnerability are able to gain administrative access to the vulnerable

NFS file server. Affected versions include Caldera OpenLinux Standard 1.2, RedHat Linux 2.0, 2.1, 3.0.3, 4.0, 4.1, 4.2,

5.0, 5.1.

Signature ID: 12101

MDBMS Buffer Overflow Vulnerability

Threat Level: Severe

Industry ID: CVE-2000-0446 Bugtraq: 1252

Signature Description: Multidimensional DataBase Management System (MDBMS)ships with several Linux

distributions such as Debian, RedHat, SuSE. MDBMS versions .99b6 and prior are vulnerable to a buffer overflow. By

supplying a line of specific length to the MDBMS server, containing machine executable code, it is possible for a

remote attacker to execute arbitrary commands on the user database.

Signature ID: 12102

Talkd Buffer Overflow vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0048 Bugtraq: 210

Signature Description: This rule triggers when an attempt is made to exploit a buffer overflow associated with talkd

daemon. Talk is used to communicate between users of UNIX based operating systems. A vulnerability exists such that

a buffer overflow condition in talk can be exploited by a malicious user. Attacker may be able to pass bogus hostname

information to talkd and gain root access.This may then present the attacker with the opportunity to gain root access to

the target system.

Signature ID: 12103

Ntpd Remote Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-2001-0414 Bugtraq: 2540 Nessus: 10982,10647

Signature Description: This rule triggers when an attempt is made to exploit a buffer overflow associated with Network

Time Protocol (ntpd) daemon. NTP, the Network Time Protocol, is used to synchronize the time between a computer

and another system or time reference. A buffer overflow exists in many versions of ntpd that is remotely exploitable.

An attacker may be able to crash the daemon or execute arbitrary code via a long readvar argument on the host.

Signature ID: 12104

Fujitsu Chocoa "Topic" Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0672

Bugtraq: 573

Signature Description: Fujitsu Chocoa is an IRC (Internet Relay Chat) client for Windows. Fujitsu Chocoa IRC client

version 1.0beta7R is vulnerable to a buffer overflow in the code that processes channel topics. By sending a topic from

the server with exploit code, an attacker can overflow the buffer and execute arbitrary commands on the client system.

Signature ID: 12105

SCO UNIX calserver Remote Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-2000-0306

Bugtraq: 2353

Signature Description: This rule triggers when an attempt is made to exploit a buffer overflow associated with

Calserver in SCO Openserver Operating System. Calserver is a calendar service shipped with SCO OpenServer. If

Calserver is running in local mode, the vulnerability could be exploited by a user on the local machine, leading to a

privilege-elevation attack. If Calserver is running in remote mode, the vulnerability could be exploited by remote

attackers to execute arbitrary commands with root privileges.