TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 12119
Yahoo Messenger Multiple Vulnerabilities
Threat Level: Warning
Industry ID: CVE-2002-0031 CVE-2002-0032 Bugtraq: 4837,4838
Signature Description: Buffer overflows in Yahoo Messenger 5,0,0,1064 and earlier allow remote attackers to execute
arbitrary code via a ymsgr URI with long arguments to call, sendim, getimv, chat, addview, or addfriend. Yahoo
Messenger configures the 'ymsgr:' URI handler when it is installed. The handler invokes YPAGER.EXE with the
supplied parameters. YPAGER.EXE accepts the 'call' argument, which is used to start the 'Call Center' feature. If a
malicious link is sent to a user and the user clicks it, the victim's computer can be compromised. This rule
triggers when a user accesses a page containing a malicious link.
Signature ID: 12120
D-Link Routers UPNP M-SEARCH Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3687 Bugtraq: 19006
Signature Description: Universal Plug and Play (UPnP) is a system that allows network devices to operate together.
When a device adds itself to a UPnP network, it may send a broadcast request called an M-SEARCH directive to get
information about other UPnP devices already on the network. The LAN or WLAN interface of D-Link routers is
affected by a buffer overflow when it receives an oversized M-SEARCH request. Successful exploitation of the
vulnerability allows an attacker to execute privileged code on an affected device. Administrators are advised to
close port 1900 to external users.
Signature ID: 12121
D-Link Routers UPNP NOTIFY Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3687 Bugtraq: 19006
Signature Description: Universal Plug and Play (UPnP) is a system that allows network devices to operate together.
When a device adds itself to a UPnP network, it may send a broadcast request called a NOTIFY directive, announcing
its presence on the network and inviting computers to make use of its services. The LAN or WLAN interface of D-Link
routers is affected by a buffer overflow when it receives an oversized NOTIFY request. Successful exploitation of the
vulnerability allows an attacker to execute privileged code on an affected device. Administrators are advised to
close port 1900 to external users.
Signature ID: 12122
Novell eDirectory Server iMonitor Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2551 Bugtraq: 14548
Signature Description: Novell eDirectory iMonitor is a service for monitoring servers in an eDirectory installation. A
buffer overflow vulnerability exists in Novell eDirectory version 8.7.3 iMonitor for Microsoft Windows 2000, 2003
and NT. A remote attacker can exploit this vulnerability via a specially crafted HTTP request. Successful exploitation
of this vulnerability may result in execution of arbitrary code with SYSTEM-level privileges or possibly cause
dhost.exe to crash. Administrators are advised to close port 8008 to external users.
Signature ID: 12123
Novell eDirectory Server Long URI iMonitor Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-2496 Bugtraq: 18026
Signature Description: Novell eDirectory iMonitor is a service for monitoring servers in an eDirectory installation. A