TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
508
Signature ID: 16093
RPC ypserv maplist request UDP
Threat Level: Information
Industry ID: CVE-2002-1232 CVE-2000-1043 CVE-2000-1042 Bugtraq: 6016,5914
Signature Description: The ypserv daemon is a component of the Network information Service(NIS is an RPC-based
service designed to allow a number of UNIX-based machines to share a common set of configuration files.). It
distributes NIS databases to client systems within an NIS domain. ypserv, version before 2.5, is vulnerable to Memory
leak. This event get hits when an attacker could request a map that no longer exists to cause the server to leak
information for the previously existing map, such as domain name and map name. This successful exploitation of this
issue will allow an attacker to obtain sensitive information. This signature specifically detects when an attacker send
request by using udp service. This issue is fixed in the version of ypserv(2.5 or later). The Administrators are advised to
upgrade this version for removing this issue, which is available at vendor's web site.
Signature ID: 16094
RPC ypserv maplist request TCP
Threat Level: Information
Industry ID: CVE-2002-1232 CVE-2000-1043 CVE-2000-1042 Bugtraq: 6016,5914
Signature Description: The ypserv daemon is a component of the Network information Service(NIS is an RPC-based
service designed to allow a number of UNIX-based machines to share a common set of configuration files.). It
distributes NIS databases to client systems within an NIS domain. ypserv, version before 2.5, is vulnerable to Memory
leak. This event get hits when an attacker could request a map that no longer exists to cause the server to leak
information for the previously existing map, such as domain name and map name. This successful exploitation of this
issue will allow an attacker to obtain sensitive information. This signature specifically detects when an attacker send
request by using tcp service. This issue is fixed in the version of ypserv(2.5 or later). The Administrators are advised to
upgrade this version for removing this issue, which is available at vendor's web site.
Signature ID: 16095
RPC network-status-monitor mon-callback request UDP
Threat Level: Information
Signature Description: NSM runs on client machines and informs other hosts of the status of that machine should a
crash or reboot occur. Each remote application using an rpc service can therefore register with the host when services
are once again available. A request made to a machine will indicate to the attacker the status of that host and will also
be indicative of rpc services being available. The attacker might then continue to ascertain which rpc services are being
offered and then launch an attack on vulnerable daemons. This signature specifically detects when an attacker send
request by using udp service.
Signature ID: 16096
RPC network-status-monitor mon-callback request TCP
Threat Level: Information
Signature Description: NSM runs on client machines and informs other hosts of the status of that machine should a
crash or reboot occur. Each remote application using an rpc service can therefore register with the host when services
are once again available. A request made to a machine will indicate to the attacker the status of that host and will also
be indicative of rpc services being available. The attacker might then continue to ascertain which rpc services are being
offered and then launch an attack on vulnerable daemons. This signature specifically detects when an attacker send
request by using tcp service.