ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Signature ID: 16066
MOUNTD - Linux/Solaris file existence vulnerability
Threat Level: Information
Industry ID: CVE-1999-1225 Bugtraq: 95
Signature Description: Mounting makes a group of files in a file system structure accessible to a user or user
group. Linux and Solaris operating systems allow a remote user to determine the existence of files on the remote
server via rpc.mountd. A user running the mount or mount_nfs command can try to mount files on the remote host, and
mountd returns a "permission denied" error, which means it cannot access the file. If the file does not exist, it returns
a "No such file or directory" error. Successful exploitation can be used to determine what files exist on a computer.
This signature specifically detects when an attacker sends the request over the UDP service.
Signature ID: 16067
MOUNTD - Linux/Solaris file existence vulnerability(1)
Threat Level: Information
Industry ID: CVE-1999-1225 Bugtraq: 95
Signature Description: Mounting makes a group of files in a file system structure accessible to a user or user
group. Linux and Solaris operating systems allow a remote user to determine the existence of files on the remote
server via rpc.mountd. A user running the mount or mount_nfs command can try to mount files on the remote host, and
mountd returns a "permission denied" error, which means it cannot access the file. If the file does not exist, it returns
a "No such file or directory" error. Successful exploitation can be used to determine what files exist on a computer.
This signature detects when an attacker sends a specially crafted pattern over UDP RPC.
Signature ID: 16068
IRIX fam service Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0059 Bugtraq: 353
Signature Description: The IRIX fam (File Alteration Monitor) service, RPC program 391002, is used by other
programs to keep track of file modifications. When a program initially connects to the fam server, it passes the fam
server the name of a file or directory to watch. If the fam server receives a directory name, it returns to the client a
complete list of files and subdirectories in that directory. The fam service listens on both TCP and UDP ports. This
signature triggers when an attacker tries to identify whether the fam service is running. If the service is running, the
attacker can then pass the fam server a request to list the root directory. Successful exploitation of this issue allows
an attacker to obtain a complete list of files on the system. Administrators are advised to disable the fam service if it
is not necessary. This signature specifically detects when an attacker sends the request over the UDP service.
Signature ID: 16070
NISd Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0008 Bugtraq: 104,677
Signature Description: The rpc.nisd daemon is a Remote Procedure Call service that implements the NIS+ service.
This daemon must be running on all servers that serve a portion of the NIS+ namespace. rpc.nisd is usually started from
a system startup script. The rpc.nisd daemon has a buffer overflow vulnerability. This signature detects an attacker
submitting a long NIS+ argument; by doing so, a remote attacker can overflow a buffer and execute arbitrary code on
the system to gain root privileges.