ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: This rule detects any attempt to probe for information on a host running an Arkeia
Client Backup server. By default, Arkeia Client Backup servers do not require any authentication for informational
requests. Arkeia Network Backup Client installs with a default password: the root account has a password of 'root',
which is publicly known and documented. An attacker can attempt to query an Arkeia Client Backup server for system
or file information. Also, anyone able to connect to TCP port 617 can gain read/write access to the filesystem of any
host running Arkeia agent software versions prior to 5.x.
Signature ID: 12303
Knox Arkeia Backup Client System Information Probe
Threat Level: Warning
Industry ID: CVE-2005-0496
Signature Description: This rule detects any attempt to probe for information on a host running an Arkeia
Client Backup server. By default, Arkeia Client Backup servers do not require any authentication for informational
requests. An attacker can attempt to query an Arkeia Client Backup server for system or file information. Also, anyone
able to connect to TCP port 617 can gain read/write access to the filesystem of any host running Arkeia agent
software versions prior to 5.x.
Signature ID: 12304
TCPDump Malformed BGP Packet Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2002-1350 Bugtraq: 6213
Signature Description: The tcpdump utility is a tool used to monitor network traffic. tcpdump versions 3.6.2 and earlier
are vulnerable to denial of service via a malicious BGP packet with an invalid message length. If the message length is
less than '19', a remote attacker can crash the tcpdump utility. Major products using tcpdump have issued a fix for this
vulnerability. Contact your vendor for patch information.
Signature ID: 12305
TCPDump Malformed BGP Packet Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2002-1350 Bugtraq: 6213
Signature Description: The tcpdump utility is a tool used to monitor network traffic. tcpdump versions 3.6.2 and earlier
are vulnerable to denial of service via a malicious BGP packet with an invalid message type. A remote attacker could use
this vulnerability to cause the tcpdump utility to crash. Major products using tcpdump have issued a fix for this
vulnerability. Contact your vendor for patch information.
Signature ID: 12306
CVS Max-dotdot integer overflow attempt
Threat Level: Information
Industry ID: CVE-2004-0417 CVE-2004-1471 Bugtraq: 10499
Signature Description: CVS (Concurrent Versions System) is an open-source source code management and distribution
system available for most Linux and Unix-based operating systems. An integer overflow exists in the "Max-dotdot"
CVS protocol command (serve_max_dotdot) in CVS 1.12.x through 1.12.8 and 1.11.x through 1.11.16 that may allow
remote attackers to cause a server crash. Due to this, some temporary data may remain undeleted and consume disk
space.
Signature ID: 12307
CVS Directory Request Double Free Heap Corruption Vulnerability
Threat Level: Information
Industry ID: CVE-2003-0015 Bugtraq: 6650