TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
495
Signature ID: 16006
Automountd service portmap request vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0704
Bugtraq: 614 Nessus: 10212
Signature Description: Automounter daemon(amd) is a daemon that automatically mounts filesystems whenever a file
or directory within that filesystem is accessed. Filesystems are automatically unmounted when they appear to have
become quiescent. Automounter daemon is vulnerable to a buffer overflow under solaris operating system. This
vulnerability is due to insufficient validation of user supplied data. A successful exploitation of this vulnerability allow
an attacker to execute remote code on the vulnerable system.
Signature ID: 16007
Rpc_cmsd vulnerability
Threat Level: Information
Industry ID: CVE-1999-0320 CVE-2002-0391 CVE-1999-0696 Bugtraq: 524,5356,428 Nessus: 10213
Signature Description: The 'xdr_array()' procedure is used by client/server applications implementing Sun RPC to filter
between local C representations of variable length arrays and their machine-independent external data representations
(XDR). 'xdr_array()' procedure is vulnerability to a buffer overflow. This vulnerability is due to insufficient sanitization
of user supplied data. A successful exploitation of this vulnerability allow an attacker to execute commands on the
vulnerable system.
Signature ID: 16009
Etherstatd service Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0530 Nessus: 10215
Signature Description: The rpc.etherstatd service puts a specified Ethernet interface into promiscuous mode and
provides traffic statistics to remote programs. This program registers itself with the RPC protmapper as program
100010. A remote attacker can use this exploit to perform packet sniffing. The Administrators are advised to disabled
the 'etherstatd' service, if it is not necessary. This signature detects when an attacker send specially-crafted pattern on
UDPRPC.
Signature ID: 16010
Fam service vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0059 Bugtraq: 353 Nessus: 10216
Signature Description: The fam service, RPC program 391002, is used by other programs to keep track of file
modifications. When a program initially connects to the fam server, it passes the fam server the name of a file or
directory to watch. If the fam server receives a directory name, it returns the client a complete list of files and sub
directories in that directory. IRIX(5.3,6.1,6.2,6.3) is vulnerability. This service allows any user to obtain a complete
listing of files and directories on vulnerable systems. Administrators are advised to determine if the fam daemon is
running, and if so, disable the daemon.
Signature ID: 16011
Keyserv service vulnerability
Threat Level: Information
Nessus: 10217
Signature Description: The keyserv service stores the private encryption keys of all logged in users for use with
network services with integrated security, like secure NFS and NIS+. The keyserv service registers with the RPC
portmapper as program 100029. This service is necessary to exploit some holes in RPC services like yppupdated. This
rule generates an event when an attacker try to know the keyserv service is running or not by using portmap request.