ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

specially-crafted SIP request with an invalid value in CSeq field could potentially consume SIP proxy resources
resulting in a DoS.
Signature ID: 12145
BakBone NetVault Client Name Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1009 Bugtraq: 12967
Signature Description: BakBone's NetVault is backup and restore software for Windows and Linux servers. A heap-based
buffer overflow vulnerability exists in NetVault software when it handles specially crafted packets. A remote
attacker could exploit this vulnerability by connecting to port 20031 and sending a specially-crafted clientname entry in
the 'Available NetVault Machines' list to overflow a buffer and execute arbitrary code on the system. Successful
exploitation of the vulnerability allows execution of arbitrary code on the server. Administrators are advised to close
port 20031 to untrusted users.
Signature ID: 12152
Oracle Database Server ctxsys.driload Access Validation Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0637 Bugtraq: 11099
Signature Description: Oracle Database Server is a commercial relational database application suite. A vulnerability
exists in the Oracle Database Server that is caused by an access validation error. The Oracle database server includes
a default account called CTXSYS (Oracle Text/Intermedia Text/Context option) that has DBA privileges and can therefore
read, change and destroy all data in the database. Even when the CTXSYS account is locked by default, the package
ctxsys.driload is accessible to all users. The package ctxsys.driload allows every user who can use it to
execute commands as DBA. Successful exploitation allows authenticated users to execute arbitrary commands as DBA,
which gives complete control over the database.
Signature ID: 12153
Oracle Database Server dbms_system.ksdwrt() Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0638 Bugtraq: 11100
Signature Description: Oracle Database Server is a commercial relational database application suite. A remotely
exploitable buffer overflow vulnerability exists in Oracle Database Server that may allow execution of arbitrary code.
The vulnerability specifically exists in the function ksdwrt() provided by the package 'dbms_system'. This function is
used to write custom messages to a trace file or to the alert log. The issue can be triggered when an overly long string is
passed as the second parameter of the function. To exploit this vulnerability, a user must be a member of the SYS or
SYSTEM roles or must be granted execute permission on the 'dbms_system' package. Successful exploitation
allows authorized remote users to cause the Oracle server process to crash and potentially execute arbitrary code.
Administrators are advised to install the security updates from Oracle.
Signature ID: 12154
Oracle Database Server MDSYS.MD2.SDO_CODE_SIZE Procedure LAYER Parameter Access
Threat Level: Warning
Industry ID: CVE-2004-1774 Bugtraq: 13145,10871
Signature Description: Oracle Database Server is a commercial relational database application suite. Oracle Database
Server version 10.1.0.2 running on Windows 2000 Server SP4 is vulnerable to a buffer overflow. The vulnerability
specifically exists in the procedure MDSYS.MD2.SDO_CODE_SIZE. An attacker can supply excessive data to the
LAYER parameter to cause an overflow. By default, EXECUTE permission on SDO_CODE_SIZE is granted to PUBLIC, so any
Oracle database user can exploit this vulnerability. Successful exploitation of this vulnerability allows an attacker to
execute arbitrary code and gain 'SYSDBA' privileges. This rule gets hit when an attempt is made to access the LAYER