TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

491

492

493

494

495

496

497

498

499

500

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

497

with the RPC portmapper as program 100014. rje mapper is vulnerable to a security threat in the future. Administrators

are advised to disable the rje mapper service if it is not needed.

Signature ID: 16020

Rquotad service vulnerability

Threat Level: Information

Industry ID: CVE-1999-0625 Nessus: 10226

Signature Description: Rquotad is an rpc server which returns quotas for a user of a local file system which is mounted

by a remote machine over the NFS. The results are used by quota to display user quotas for remote file systems. The

rquotad daemon is normally started at boot time from the rc.net script. rquotad is vulnerable to a security threat in the

future. Administrators are advised to disable the rquotad service if it is not needed.

Signature ID: 16022

Rusersd service vulnerability

Threat Level: Information

Industry ID: CVE-1999-0626 Nessus: 10228,11058

Signature Description: The rusersd daemon is a server that responds to queries from the rusers command by returning a

list of users currently on the network. It provides an attacker interesting information such as how often the system is

being used, the names of the users, and so on. This daemon is normally started by the inetd daemon. Administrators are

advised to disable the rusersd service if it is not needed.

Signature ID: 16023

Access to sadmin service

Threat Level: Information

Industry ID: CVE-1999-0977 Bugtraq: 866 Nessus: 10229

Signature Description: Sadmind is the daemon used by Solstice AdminSuite applications to perform distributed system

administration operations such as adding users. The Sadmind daemon is started automatically by the inetd daemon

whenever a request to invoke an operation is received. Sadmind is vulnerable to a security threat in the future. This

signature generates an event when an attacker try to identify whether Sadmind service is running. Administrators are

advised to disable the Sadmind service if it is not needed. This signature specifically detects when an attacker send

request by using udp service.

Signature ID: 16025

Sunview Selection service Vulnerability(1)

Threat Level: Warning

Industry ID: CVE-1999-0209 Bugtraq: 8 Nessus: 10231

Signature Description: The 'selection service' was used on older Sun workstations to support cross-platform

<br>copy/paste operation and read any file within Sunview. The selection service Remote <br>procedure call(RPC)

program could allow a remote attacker to obtain sensitive information. <br>An attacker could exploit this vulnerability

to read any file readable by the user. This <br>signature detects when an attacker send specially-crafted pattern on

UDP RPC.

Signature ID: 16026

Showfhd service Vulnerability

Threat Level: Information

Nessus: 10232

Signature Description: Showfhd is a RPC based server. Showfhd is a daemon that provides the full path name for the

given file handle. If the daemon cannot find the file or the inode number, it returns an error message. This signature

generates when an attacker try to identify whether showfhd service is running. If this service do not use, the