TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 12134
Session Description Protocol (SDP) Version Integer Overflow
Threat Level: Warning
Signature Description: Session Description Protocol (SDP) is intended for describing multimedia sessions for the
purposes of session announcement, session invitation, and other forms of multimedia session initiation. A
specially-crafted SDP packet with a large value in the Version field could potentially consume resources, resulting in a DoS.
According to RFC 2327, the "v=" field gives the version of the Session Description Protocol, and there is no minor
version number for SDP.
Signature ID: 12135
Session Description Protocol (SDP) Version Integer Overflow
Threat Level: Warning
Signature Description: Session Description Protocol (SDP) is intended for describing multimedia sessions for the
purposes of session announcement, session invitation, and other forms of multimedia session initiation. A
specially-crafted SDP packet with a negative value in the Version field could potentially consume resources, resulting in a DoS.
According to RFC 2327, the "v=" field gives the version of the Session Description Protocol, and there is no minor
version number for SDP.
Signature ID: 12136
Squid WCCP Message Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-0095 Bugtraq: 12275
Signature Description: Squid is a popular free software proxy server and web caching daemon, released under the
GNU General Public License for Unix and Unix-like systems. Squid supports the Web Cache Communication Protocol
(WCCP), which allows proxies to register themselves with a router and thereby provides a mechanism to control how
traffic is redirected among a group of proxies. Squid Web Proxy Cache version 2.5 is vulnerable to a denial of service
attack caused by improper handling of the "number of caches" field in WCCP_I_SEE_YOU messages. If WCCP is
enabled and the attacker can spoof UDP packets with the WCCP router's IP address, a remote attacker could send a
specially-crafted UDP packet with the "number of caches" field set to a value outside the 1-32 range to cause Squid
to crash.
Signature ID: 12137
Session Directory Protocol (SDP) Request with invalid Value in Connection Network Type field
Threat Level: Warning
Signature Description: Session Description Protocol (SDP) is intended for describing multimedia sessions for the
purposes of session announcement, session invitation, and other forms of multimedia session initiation. A
specially-crafted SDP packet with a large value in the Connection Network Type field could potentially consume resources,
resulting in a DoS.
Signature ID: 12138
Session Description Protocol (SDP) Request with invalid Value in Origin IP field
Threat Level: Warning
Industry ID: CVE-2007-1561
Signature Description: Session Description Protocol (SDP) is intended for describing multimedia sessions for the
purposes of session announcement, session invitation, and other forms of multimedia session initiation. A
specially-crafted SDP packet with an invalid value in the Owner Address (Origin IP) field could potentially consume resources,
resulting in a DoS. This signature detects attacks in SIP sessions that use UDP as the transport layer.