TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

481

482

483

484

485

486

487

488

489

490

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

489

saved instruction pointer and in doing so may potentially influence execution flow of the affected service into attacker-

supplied instructions.

Signature ID: 14014

AUTH command buffer overflow vulnerability

Threat Level: Information

Signature Description: A remotely exploitable buffer-overflow vulnerability affects POP daemon.The problem lies in

the code that handles the 'AUTH' command available to logged-in users. By providing an overly long argument to the

'AUTH' command, an attacker may cause a buffer to overflow. As a result, the attacker can gain access with the user ID

(UID) of the user whose account is being used for the attack and with the group ID (GID) mail.

Signature ID: 14015

DELE cmd with negative argument attempt

Threat Level: Critical

Industry ID: CVE-2002-1539 Bugtraq: 6053

Signature Description: A buffer overflow vulnerability has been reported for POP daemon. The vulnerability is due to

inadequate bounds checking on POP server dele command. An attacker can exploit this vulnerability by sending

negative value to dele command on the POP server. This will cause the Daemon service to crash when attempting to

process the dele command.

Signature ID: 14016

LIST buffer overflow

Threat Level: Critical

Industry ID: CVE-2000-0096 Bugtraq: 948

Signature Description: A remotely exploitable buffer-overflow vulnerability affects POP daemon.The problem lies in

the code that handles the 'LIST' command available to logged-in users. By providing an overly long argument, an

attacker may cause a buffer to overflow. As a result, the attacker can gain access with the user ID (UID) of the user

whose account is being used for the attack and with the group ID (GID) mail.

Signature ID: 14017

PASS command buffer overflow vulnerability

Threat Level: Critical

Industry ID: CVE-1999-1511

Bugtraq: 791 Nessus: 10325

Signature Description: POP stands for Post Office Protocol. This is used to describe how e-mail clients interact with

mail servers. The POP3 Server is a type of mail server used for incoming mail. When users connect to their ISP POP

servers, their e-mail software interface with the server and download any messages for them. POP is only used to

receive messages, it is not used to send mails. A Buffer overflow in POP Daemon allow attackers to cause a denial of

service (crash) and possibly execute arbitrary commands via a long PASS command in the POP3 service.

Signature ID: 14018

USER command format string vulnerability

Threat Level: Critical

Industry ID: CVE-2003-0391

Bugtraq: 7667 Nessus: 11742

Signature Description: POP stands for Post Office Protocol. This is used to describe how e-mail clients interact with

mail servers. The POP3 Server is a type of mail server used for incoming mail. When users connect to their ISP POP

servers, their e-mail software interface with the server and download any messages for them. POP is only used to

receive messages, it is not used to send mails. A format string vulnerability has been reported for MAIL Servers when

processing the POP3 USER command. An attacker may exploit this vulnerability by connecting to the vulnerable mail