TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
455
Signature ID: 12115
BomberClone Error Messages Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-0460
Bugtraq: 16697
Signature Description: BomberClone is a multi-player network game, it is free Bomberman-like game for Linux and
Windows. It features powerups that give you more strength, make you walk faster through the level, or let you drop
more bombs. BomberClone versions prior to 0.11.6.2 are vulnerable to a buffer overflow attack. A renote attacker
could send a long error message to the game server, This issue is due to a failure in the application to perform proper
boundary checks when processing these type of overly long error messages. By this type of messages the remote
attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the user running
BomberClone. This event generate when the packet contains hex values |29 c7 80 7c| as error messsage.
Signature ID: 12116
BomberClone Error Messages Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-0460 Bugtraq: 16697
Signature Description: BomberClone is a multi-player network game, it is free Bomberman-like game for Linux and
Windows. It features powerups that give you more strength, make you walk faster through the level, or let you drop
more bombs. BomberClone versions prior to 0.11.6.2 are vulnerable to a buffer overflow attack. A renote attacker
could send a long error message to the game server, This issue is due to a failure in the application to perform proper
boundary checks when processing these type of overly long error messages. By this type of messages the remote
attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the user running
BomberClone. This event generate when the packet contains hex values |8b 5e e9 77| as error message.
Signature ID: 12117
Computer Associates iTechnology iGateway Service Content-Length Heap Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-3653 Bugtraq: 16354
Signature Description: ITechnology is an integration technology which provides standard web service interfaces to
third-party products, exposing normalized security event data and information in XML format. A buffer overflow
vulnerability exists in iGateway service component older than 4.0.051230 of iTechnology. A remote user can send an
HTTP request with a specially crafted, negative HTTP Content-Length value to the iGateway service on port 5250 on
the target system to trigger a buffer overflow. By also supplying a specially crafted, large URI, arbitrary code can be
executed on the target system. Administrators are advised to close the port 5250 for external users. This signature
checks for an overflow condition in the Content-Length mime field.
Signature ID: 12118
Computer Associates iTechnology iGateway Service Content-Length Heap Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-3653 Bugtraq: 16354
Signature Description: ITechnology is an integration technology which provides standard web service interfaces to
third-party products, exposing normalized security event data and information in XML format. A buffer overflow
vulnerability exists in iGateway service component older than 4.0.051230 of iTechnology. A remote user can send an
HTTP request with a specially crafted, negative HTTP Content-Length value to the iGateway service on port 5250 on
the target system to trigger a buffer overflow. By also supplying a specially crafted, large URI, arbitrary code can be
executed on the target system. Administrators are advised to close the port 5250 for external users. This signature
checks for a negative length condition in the Content-Length mime field.