ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 16204
RPC Automounter Daemon (amd) PID request UDP
Threat Level: Information
Signature Description: This rule triggers when a request is made to discover the Process ID (PID) of the Remote Procedure Call (RPC) amd service. The amd RPC service implements the automounter daemon on UNIX hosts. The amd service automatically mounts and unmounts requested file systems. An attacker can make a request to amd to discover its PID. Learning the PID may help an attacker guess a range of likely PIDs associated with other running services that are started either before or after amd. This may facilitate an attack against other running processes. This rule triggers on RPC-UDP traffic.
Signature ID: 16205
RPC Automounter Daemon (AMD) version request UDP
Threat Level: Information
Signature Description: This rule triggers when a request is made to discover the version and configuration information associated with the Remote Procedure Call (RPC) amd service. The amd RPC service implements the automounter daemon on UNIX hosts. The amd service automatically mounts and unmounts requested file systems. An attacker can make a request to amd to discover its version number. A successful request will return the version number along with other valuable configuration information about the server, including the architecture. This signature detects RPC Automounter Daemon (AMD) version requests using UDP.
Signature ID: 16206
SunRPC xdr_array() Integer overflow when deserializing the XDR stream
Threat Level: Information
Industry ID: CVE-2002-0391 Bugtraq: 5356
Signature Description: The XDR (external data representation) libraries are used to provide platform-independent
methods for sending data from one system process to another, typically over a network connection. The xdr_array()
function in the XDR library provided by Sun Microsystems contains an integer overflow that can lead to improperly
sized dynamic memory allocation. Subsequent problems like buffer overflows may result, depending on how and
where the vulnerable xdr_array() function is used. Exploiting this vulnerability will lead to denial of service, execution
of arbitrary code, or the disclosure of sensitive information.
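The size calculation behind the xdr_array() overflow described above, as an added example (not Sun's code and not part of the original guide). The function names, the 4-byte element size, the 1024-element limit and the sample array headers are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Read the 4-byte big-endian element count that precedes an XDR array. */
uint32_t xdr_read_count(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Flawed pattern: the byte count is a 32-bit product that wraps silently,
 * so a huge element count can produce a tiny allocation size. */
uint32_t unchecked_alloc_size(uint32_t count, uint32_t elsize)
{
    return (uint32_t)((uint64_t)count * elsize);   /* truncated modulo 2^32 */
}

/* Hardened pattern: reject a count above the caller's limit, or one whose
 * product with elsize does not fit in 32 bits. Returns -1 on rejection. */
int64_t checked_alloc_size(uint32_t count, uint32_t elsize, uint32_t max_count)
{
    if (count > max_count)
        return -1;
    if (elsize != 0 && count > UINT32_MAX / elsize)
        return -1;
    return (int64_t)count * elsize;
}

int main(void)
{
    /* Constructed sample headers, not captured traffic. */
    const unsigned char benign[4]  = { 0x00, 0x00, 0x00, 0x10 }; /* 16 elements */
    const unsigned char wrapped[4] = { 0x40, 0x00, 0x00, 0x01 }; /* 2^30 + 1 elements */
    const unsigned char *hdrs[2] = { benign, wrapped };
    const uint32_t elsize = 4;        /* assumed element size in bytes */
    const uint32_t max_count = 1024;  /* assumed protocol limit on elements */

    for (int i = 0; i < 2; i++) {
        uint32_t count = xdr_read_count(hdrs[i]);
        printf("count=%u unchecked_size=%u checked_size=%lld\n",
               (unsigned)count,
               (unsigned)unchecked_alloc_size(count, elsize),
               (long long)checked_alloc_size(count, elsize, max_count));
    }
    return 0;
}
```

With the unchecked calculation, the second header asks for over a billion elements yet yields a 4-byte allocation size, which is the "improperly sized dynamic memory allocation" the description refers to.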
Signature ID: 16207
CDE rpc.cmsd server remotely exploitable buffer overflow
Threat Level: Information
Industry ID: CVE-1999-0696 Bugtraq: 524
Signature Description: The Calendar Manager Service daemon (rpc.cmsd) is used as an appointment and resource scheduler with clients such as Calendar Manager in OpenWindows and Calendar in the Common Desktop Environment (CDE). The CDE database manager rpc.cmsd is vulnerable to a buffer overflow in the rtable_insert() function, caused by improper bounds checking, that allows the execution of arbitrary commands with the privileges of root. This signature detects an attacker sending a malicious pattern in RPC-TCP traffic.
Signature ID: 16208
CDE rpc.cmsd server remotely exploitable buffer overflow
Threat Level: Information
Industry ID: CVE-1999-0696 Bugtraq: 524
Signature Description: The Calendar Manager Service daemon (rpc.cmsd) is used as an appointment and resource scheduler with clients such as Calendar Manager in OpenWindows and Calendar in the Common Desktop Environment (CDE). The CDE database manager rpc.cmsd service on Sun Solaris and HP-UX versions 10.20, 10.30 and 11.0