ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94
Signature ID: 16214
Solaris Snoop GETQUOTA decoding buffer overflow UDP
Threat Level: Information
Industry ID: CVE-1999-0974 Bugtraq: 864
Signature Description: Solaris Snoop is a network sniffing tool that ships with all Solaris 2.x operating systems. Solaris
Snoop monitors all network traffic on the host's physical link by putting the computer's Ethernet interface into
promiscuous mode. The Solaris Snoop application is vulnerable to a buffer overflow that could occur when Solaris
Snoop analyzes GETQUOTA requests to the rquotad service. By sending a long argument to the rquotad RPC (Remote
Procedure Call) service, an attacker could overflow the buffer to gain access to the system and control of the Solaris
Snoop application. This signature detects when an attacker sends a malicious pattern in RPC-UDP traffic.
Signature ID: 16215
Rpc.statd Remote Format String Vulnerability
Threat Level: Information
Industry ID: CVE-2000-0666 Bugtraq: 1480 Nessus: 10544
Signature Description: The rpc.statd server is an RPC server that implements the Network Status and Monitor RPC
protocol. It's a component of the Network File System (NFS) architecture. The rpc.statd program is part of the 'nfs-utils'
package. The rpc.statd service is vulnerable to a format-string vulnerability when calling the 'syslog()' function.
Successful exploitation of this vulnerability allows an attacker to execute commands on the vulnerable system. The rpc.statd
service listens on both UDP and TCP ports. This signature specifically detects when an attacker sends a malformed request
over the TCP service. Administrators are advised to disable the rpc.statd service if it is not needed.
Signature ID: 16218
Rpc.statd Remote Format String Vulnerability
Threat Level: Information
Industry ID: CVE-2000-0666 Bugtraq: 1480 Nessus: 10544
Signature Description: The rpc.statd server is an RPC server that implements the Network Status and Monitor RPC
protocol. It's a component of the Network File System (NFS) architecture. The rpc.statd program is part of the 'nfs-utils'
package. The rpc.statd service is vulnerable to a format-string vulnerability when calling the 'syslog()' function.
Successful exploitation of this vulnerability allows an attacker to execute commands on the vulnerable system. The rpc.statd
service listens on both UDP and TCP ports. This signature specifically detects when an attacker sends a malformed request
over the UDP service. Administrators are advised to disable the rpc.statd service if it is not needed.
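As an added illustration (not code from this guide or from the TMS zl module), the Python example below shows how a sensor could parse the TCP and UDP forms of an rpc.statd call that signatures 16215 and 16218 distinguish, and flag printf-style conversions in the name argument. The program numbers are the well-known ONC RPC assignments rather than values from the guide; the regular-expression heuristic, the first-argument layout and the build_call sample generator are assumptions of this example.

```python
import re
import struct

# Well-known ONC RPC program numbers (general knowledge, not from the guide).
PROGRAMS = {100005: "mountd", 100011: "rquotad", 100024: "rpc.statd"}
# Heuristic (assumption): a host name never contains a printf-style conversion.
FORMAT_SPEC = re.compile(rb"%[-+ #0-9.$*]*[hlLqjzt]*[diouxXeEfgGcspn]")

def parse_rpc_call(payload, transport):
    """Return (program, procedure, args) for an RPC version 2 call, else None."""
    if transport == "tcp":
        # TCP adds a 4-byte record mark: top bit = last fragment, rest = length.
        if len(payload) < 4:
            return None
        (mark,) = struct.unpack(">I", payload[:4])
        payload = payload[4:4 + (mark & 0x7FFFFFFF)]
    if len(payload) < 24:
        return None
    _xid, msg_type, rpcvers, prog, _vers, proc = struct.unpack(">6I", payload[:24])
    if msg_type != 0 or rpcvers != 2:  # 0 = CALL
        return None
    off = 24
    for _ in range(2):  # credential, then verifier: flavor, length, padded body
        if len(payload) < off + 8:
            return None
        (length,) = struct.unpack(">I", payload[off + 4:off + 8])
        off += 8 + ((length + 3) & ~3)
    return (prog, proc, payload[off:]) if off <= len(payload) else None

def inspect(payload, transport):
    """Name the target service; flag format conversions in a statd name field."""
    call = parse_rpc_call(payload, transport)
    if call is None:
        return None
    prog, proc, args = call
    service = PROGRAMS.get(prog, "other")
    # Assumption: the first statd argument is an XDR string (length + bytes).
    name = args[4:4 + struct.unpack(">I", args[:4])[0]] if len(args) >= 4 else b""
    flagged = service == "rpc.statd" and bool(FORMAT_SPEC.search(name))
    return {"service": service, "procedure": proc, "suspicious": flagged}

def build_call(prog, proc, arg, tcp=False):
    """Constructed sample: AUTH_NONE call, xid 1, version 1, one XDR string."""
    body = struct.pack(">10I", 1, 0, 2, prog, 1, proc, 0, 0, 0, 0)
    body += struct.pack(">I", len(arg)) + arg + b"\x00" * (-len(arg) % 4)
    return struct.pack(">I", 0x80000000 | len(body)) + body if tcp else body
```

Feeding a TCP payload to the UDP parser, or the reverse, returns None because the record mark shifts every header field by four bytes, which is why the two transports need separate handling.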
Signature ID: 16219
Sun Solaris kcms_server KCS_OPEN_PROFILE directory traversal Vulnerability
Threat Level: Information
Industry ID: CVE-2003-0027 Bugtraq: 6665
Signature Description: Sun Solaris contains support for the Kodak Color Management System (KCMS), an application
programming interface (API) that provides color management functions for different devices and color spaces. As part
of the KCMS framework, the KCMS library service daemon (kcms_server) provides a way to serve KCMS profiles to
remote clients. If an attacker is able to create a directory under /etc/openwin/devdata/profiles or
/usr/openwin/etc/devdata/profiles, the attacker can perform a directory traversal that allows reading
any file on the compromised system.
Signature ID: 16220
Mountd TCP exportall request
Threat Level: Information
Signature Description: This rule gets hit when a request is made to Network File System (NFS) to list all exported file