TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
server and issuing the USER command with malicious format string specifiers. This may result in the corruption
of memory.
Signature ID: 14019
USER command buffer overflow vulnerability
Threat Level: Critical
Industry ID: CVE-1999-0494
Bugtraq: 789 Nessus: 10311
Signature Description: POP stands for Post Office Protocol. It describes how e-mail clients interact with
mail servers. The POP3 server is a type of mail server used for incoming mail. When users connect to their ISP's POP
servers, their e-mail software interfaces with the server and downloads any messages for them. POP is only used to
receive messages; it is not used to send mail. A very long string supplied in place of the username can lead to a
buffer overflow. The POP3 service may be vulnerable to this buffer overflow attempt. It may be possible to
execute arbitrary code on the vulnerable server.
Signature ID: 14020
XTND command buffer overflow vulnerability
Threat Level: Critical
Signature Description: A remotely exploitable buffer overflow vulnerability affects the POP daemon. The problem lies in
the code that handles the 'XTND' command available to logged-in users. By providing an overly long argument to the
'XTND' command, an attacker may cause a buffer to overflow. As a result, the attacker can execute arbitrary code on
the vulnerable server.
Signature ID: 14021
POP3 Brute Force Login Attempt
Threat Level: Information
Industry ID: CVE-2002-1064 CVE-2002-1065 Bugtraq: 5326
Signature Description: The POP3 service is used to fetch mail from the SMTP server. Given the user name and password, an
attacker can have full access to mail. This rule is triggered when many login attempts are made within a very short
period of time from outside to an internal POP3 server. Such activity indicates a brute-force attempt to
guess the user name and password.
Signature ID: 14022
PASS command format string vulnerability
Threat Level: Information
Signature Description: POP stands for Post Office Protocol. It describes how e-mail clients interact with
mail servers. The POP3 server is a type of mail server used for incoming mail. When users connect to their ISP's POP
servers, their e-mail software interfaces with the server and downloads any messages for them. POP is only used to
receive messages; it is not used to send mail. A format string vulnerability has been reported for MAIL Servers when
processing the POP3 PASS command. An attacker may exploit this vulnerability by connecting to the vulnerable mail
server and issuing the PASS command with malicious format string specifiers. This may result in memory
corruption.
Signature ID: 14025
Microsoft SSL PCT buffer overflow attempt
Threat Level: Critical
Industry ID: CVE-2003-0719
Bugtraq: 10116 Nessus: 12209
Signature Description: A buffer overrun vulnerability exists in the Private Communications Transport (PCT) protocol,
which is part of the Microsoft Secure Sockets Layer (SSL) library. Only systems that have SSL enabled, and in some
cases Windows 2000 domain controllers, are vulnerable. An attacker who successfully exploited this vulnerability