TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
506
Signature Description: The Cachefsd RPC service is used by Solaris hosts to cache requests for remote file systems
mounted by the Network File System (NFS). Cachefsd in Solaris 2.6, 7, and 8 are vulnerable to stack based buffer
overflow via a long mount argument. This vulnerability is due to insufficient validation of user supplied data. A
successful exploitation of this vulnerability allow an attacker to execute arbitrary command on the vulnerable system.
This signature detects when an attacker send malicious pattern on RPC-TCP traffic.
Signature ID: 16079
Sun Solaris cachefsd mount file buffer overflow vulnerability
Threat Level: Information
Industry ID: CVE-2002-0084
Signature Description: The Cachefsd RPC service is used by Solaris hosts to cache requests for remote file systems
mounted by the Network File System (NFS). Cachefsd in Solaris 2.6, 7, and 8 are vulnerable to stack based buffer
overflow via a long mount argument. This vulnerability is due to insufficient validation of user supplied data. A
successful exploitation of this vulnerability allow an attacker to execute arbitrary command on the vulnerable system.
This signature detects when an attacker send malicious pattern on RPC-UDP traffic.
Signature ID: 16083
Sun Solaris cachefsd mount file buffer overflow vulnerability
Threat Level: Information
Industry ID: CVE-2002-0084 Bugtraq: 4631
Signature Description: Solaris is the only Unix platform that uses admind or sadmind. Another OS could show up
vulnerable if the above RPC numbers are being used by another service
Signature ID: 16085
RPC mountd TCP dump request Vulnerability
Threat Level: Information
Signature Description: Mount is to make a group of files in a file system structure accessible to a user or user
<br>group. The mountd Remote Procedure Call(RPC) implements the NFS(NFS(Network File System) is client/server
application designed by Sun Microsystems that allows all network users to access shared files stored on computers of
different types) mount protocol. When an NFS client requests a mount of an NFS files system, mountd examines the
list of exported file systems. If the NFS client is permitted access to the requested file system, mountd returns a file
handle for the requested directory. This issue will allow an attacker to mount an NFS directory to read or change files.
This signature detects when an attacker <br>send specially-crafted pattern to TCP RPC.
Signature ID: 16086
RPC mountd UDP dump request Vulnerability
Threat Level: Information
Signature Description: Mount is to make a group of files in a file system structure accessible to a user or user group.
The mountd Remote Procedure Call(RPC) implements the NFS(NFS(Network File System) is client/server application
designed by Sun Microsystems that allows all network users to access shared files stored on computers of different
types) mount protocol. When an NFS client requests a mount of an NFS files system, mountd examines the list of
exported file systems. If the NFS client is permitted access to the requested file system, mountd returns a file handle for
the requested directory. This issue will allow an attacker to mount an NFS directory to read or change files. This
signature detects when an attacker send specially-crafted pattern on UDP RPC.
Signature ID: 16087
RPC mountd TCP unmount request Vulnerability
Threat Level: Information
Signature Description: Unmount is a reverse operation of mount. This command is used to flushes a device, and stops