ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
operating systems are vulnerable to a buffer overflow that exists in the rtable_insert() function because of improper bounds checking, allowing the execution of arbitrary commands with the privileges of root. This signature detects when an attacker sends a malicious pattern over RPC-TCP traffic.
Signature ID: 16209
SunRPC xdr_array() Integer overflow when deserializing the XDR stream
Threat Level: Information
Industry ID: CVE-2002-0391 Bugtraq: 5356
Signature Description: The XDR (external data representation) libraries provide platform-independent methods for sending data from one system process to another, typically over a network connection. The xdr_array() function in the XDR library provided by Sun Microsystems contains an integer overflow that can lead to improperly sized dynamic memory allocation. Subsequent problems such as buffer overflows may result, depending on how and where the vulnerable xdr_array() function is used. Exploiting this vulnerability will lead to denial of service, execution of arbitrary code, or the disclosure of sensitive information. This signature detects when an attacker sends a malicious pattern over RPC-UDP traffic.
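
The size calculation behind this class of bug, as an added example that is not part of the guide and is not Sun's xdr_array() source: a simplified model of an array decoder multiplying an untrusted element count by the element size, first unchecked and then with the bound checked before the multiplication. The function names, the `maxcount` parameter and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers modelling an array decoder's size calculation;
 * constructed for illustration, not taken from any XDR library. */

/* Unchecked: the 32-bit product wraps when count * elsize exceeds
 * UINT32_MAX, so the allocation is far smaller than the `count`
 * elements the decoder would then write into it. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elsize)
{
    return count * elsize;              /* wraps modulo 2^32 */
}

/* Checked: validate the count before multiplying. Returns 0 and stores
 * the byte size in *out, or returns -1 if the request must be rejected. */
int alloc_size_checked(uint32_t count, uint32_t elsize, uint32_t maxcount,
                       uint32_t *out)
{
    if (elsize == 0 || count > maxcount)
        return -1;                      /* caller's element limit */
    if (count > UINT32_MAX / elsize)
        return -1;                      /* product would overflow */
    *out = count * elsize;
    return 0;
}

int main(void)
{
    /* Constructed sample: an element count as read from an untrusted stream. */
    uint32_t count = 0x40000001u, elsize = 4, size = 0;

    printf("unchecked: %u bytes allocated for %u elements\n",
           (unsigned)alloc_size_unchecked(count, elsize), (unsigned)count);
    if (alloc_size_checked(count, elsize, UINT32_MAX, &size) != 0)
        puts("checked: rejected, count * elsize overflows 32 bits");
    if (alloc_size_checked(1000, elsize, 4096, &size) == 0)
        printf("checked: 1000 elements -> %u bytes\n", (unsigned)size);
    return 0;
}
```
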
Signature ID: 16210
CDE rpc.cmsd server remotely exploitable buffer overflow
Threat Level: Information
Industry ID: CVE-1999-0696 Bugtraq: 524
Signature Description: The Calendar Manager Service daemon (rpc.cmsd) is used as an appointment and resource scheduler with clients such as Calendar Manager in OpenWindows and Calendar in the Common Desktop Environment (CDE). The CDE database manager rpc.cmsd service on Sun Solaris and HP-UX versions 10.20, 10.30 and 11.0 operating systems is vulnerable to a buffer overflow that exists in the rtable_insert() function because of improper bounds checking, allowing the execution of arbitrary commands with the privileges of root. This signature detects when an attacker sends a malicious pattern over RPC-UDP traffic.
Signature ID: 16211
CDE rpc.cmsd server remotely exploitable buffer overflow
Threat Level: Information
Industry ID: CVE-1999-0696 Bugtraq: 524
Signature Description: The Calendar Manager Service daemon (rpc.cmsd) is used as an appointment and resource scheduler with clients such as Calendar Manager in OpenWindows and Calendar in the Common Desktop Environment (CDE). The CDE database manager rpc.cmsd is vulnerable to a buffer overflow that exists in the rtable_insert() function because of improper bounds checking, allowing the execution of arbitrary commands with the privileges of root. This signature detects when an attacker sends a malicious pattern over RPC-UDP traffic.
Signature ID: 16213
Solaris Snoop GETQUOTA decoding buffer overflow TCP
Threat Level: Information
Industry ID: CVE-1999-0974 Bugtraq: 864
Signature Description: Solaris Snoop is a network sniffing tool that ships with all Solaris 2.x operating systems. Solaris Snoop monitors all network traffic on the host's physical link by putting the computer's Ethernet interface into promiscuous mode. The Solaris Snoop application is vulnerable to a buffer overflow that could occur when Solaris Snoop analyzes GETQUOTA requests to the rquotad service. By sending a long argument to the rquotad RPC (Remote Procedure Call) service, an attacker could overflow the buffer to gain access to the system and control of the Solaris Snoop application. This signature detects when an attacker sends a malicious pattern over RPC-TCP traffic.