ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: Point-to-Point Tunneling Protocol (PPTP) is an industry standard protocol (defined in RFC
2637) that enables users to create and use virtual private networks (VPNs). Through VPN technologies such as PPTP,
users can create tunnels to a remote network even though the data may transit insecure networks like the Internet. A
vulnerability exists in the Windows 2000 and Windows XP implementations of Microsoft PPTP because of an
unchecked buffer in a section of code that processes the control data used to establish, maintain and tear down PPTP
connections. By delivering specially malformed PPTP control data to an affected server, an attacker could corrupt
kernel memory and cause the system to fail, disrupting any work in progress on the system. Normal operation on an
attacked system can be restored by restarting it.
Signature ID: 12325
OpenSSL Worm traffic
Threat Level: Information
Industry ID: CVE-2002-0656 Bugtraq: 5362
Signature Description: OpenSSL prior to 0.9.6e is vulnerable to remotely exploitable buffer overflows. A worm
outbreak was based on these vulnerabilities, and this rule detects such exploit traffic. The mod_ssl worm is self-propagating
malicious code that exploits the OpenSSL vulnerability described in VU#102795.
Signature ID: 12328
Epic Games Unreal Engine 'secure' Query Memory Corruption Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0608 Bugtraq: 10570
Signature Description: The Unreal Engine is a widely used game engine developed by Epic Games. This game engine
is used by several products as part of their gaming software. Unreal 226f and prior, as well as other products that use
a vulnerable version of the Unreal Engine, are affected by a memory corruption vulnerability. The Unreal Engine uses
the GameSpy Query Protocol to return status information for use by the in-game browser or third-party server browsers.
The 'secure' query in this protocol is used to verify that the server being queried is actually a legitimate Unreal server. If
so, the 'challenge_string' provided with the 'secure' query is encrypted using a secret key and sent back. If an attacker
uses a long value in the secure query and sends it to an Unreal-based game server, which runs by default on UDP port
7787, important memory regions are overwritten, leading to memory corruption. Successful exploitation allows
a remote attacker to execute arbitrary code in the context of the current process. Contact your vendor for upgrade or patch
information.
Signature ID: 12329
Artisoft Xtramail Username overflow attempt
Threat Level: Information
Industry ID: CVE-1999-1511 Bugtraq: 791 Nessus: 10323
Signature Description: The Artisoft XtraMail mail server is vulnerable to a denial of service attack caused by a buffer
overflow in the control service. XtraMail includes a remote administration utility that listens on port 32000 for
logins. A remote attacker can send a username containing 10,000 characters or more to port 32000 to overflow the
buffer and crash the service. The service must be restarted to regain normal functionality.
Signature ID: 12330
Bootpd hardware address length overflow
Threat Level: Information
Industry ID: CVE-1999-0798
Signature Description: A buffer overflow vulnerability exists in bootpd on FreeBSD 2.2.5 and 2.2.2 that can be
exploited via a malformed header type. The vulnerability exists in bootpd.c. If a hardware type is specified past the end
of the hardware info list table, one can address the memory that resides after the structure hwinfo, potentially finding a