ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

systems and to indicate which clients are permitted to mount each file system. The mountd Remote Procedure Call
(RPC) implements the NFS mount protocol. When an NFS client requests a mount of an NFS file system, mountd
examines the list of exported file systems. If the NFS client is permitted access to the requested file system, mountd
returns a file handle for the requested directory. An attacker or legitimate NFS client may request a list of exported file
systems and client mount permissions.
Signature ID: 16221
NFS-Utils Xlog Remote Buffer Overrun Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0252
Bugtraq: 8179 Nessus: 11800,14059,13800,12405
Signature Description: The mountd Remote Procedure Call (RPC) implements the NFS mount protocol. A
vulnerability exists in some versions of the Linux NFS Utilities package prior to 1.0.4 that can lead to the possible
execution of arbitrary code or a DoS against the affected server. A programming error in the xlog function may be
exploited by an attacker by sending RPC requests to mountd that do not contain any newline characters. This causes a
buffer to overflow, giving the attacker the opportunity to execute code. This signature specifically detects
when an attacker sends a malicious pattern in RPC-TCP traffic.
Signature ID: 16222
TCP mount request Vulnerability
Threat Level: Information
Signature Description: Mounting makes a group of files in a file system structure accessible to a user or user group.
The mountd Remote Procedure Call (RPC) implements the mount protocol for NFS (Network File System), a client/server
application designed by Sun Microsystems that allows all network users to access shared files stored on computers of
different types. When an NFS client requests a mount of an NFS file system, mountd examines the list of
exported file systems. If the NFS client is permitted access to the requested file system, mountd returns a file handle for
the requested directory. This issue will allow an attacker to mount an NFS directory to read or change files. This
signature detects when an attacker sends a specially crafted pattern to TCP RPC.
Signature ID: 16223
Mountd exportall request UDP
Threat Level: Information
Signature Description: This rule triggers when a request is made to Network File System (NFS) to list all exported file
systems and to indicate which clients are permitted to mount each file system. The mountd Remote Procedure Call
(RPC) implements the NFS mount protocol. When an NFS client requests a mount of an NFS file system, mountd
examines the list of exported file systems. If the NFS client is permitted access to the requested file system, mountd
returns a file handle for the requested directory. An attacker or legitimate NFS client may request a list of exported file
systems and client mount permissions. This signature detects the attack pattern in RPC-UDP traffic.
Signature ID: 16224
NFS-Utils Xlog Remote Buffer Overrun Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0252 Bugtraq: 8179 Nessus: 11800,14059,13800,12405
Signature Description: The mountd Remote Procedure Call (RPC) implements the NFS mount protocol. A
vulnerability exists in some versions of the Linux NFS Utilities package prior to 1.0.4 that can lead to the possible
execution of arbitrary code or a DoS against the affected server. A programming error in the xlog function may be
exploited by an attacker by sending RPC requests to mountd that do not contain any newline characters. This causes a
buffer to overflow, giving the attacker the opportunity to execute code. This issue is fixed in nfs-utils
1.0.4. Administrators are advised to update to nfs-utils version 1.0.4 to resolve this vulnerability. This signature
specifically detects when an attacker sends a malicious pattern in RPC-UDP traffic.
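
The mount and export-list requests described under signatures 16222 and 16223 can be recognised from the RPC call header alone, on either transport. The sketch below is an added example, not part of the guide and not the module's signature logic. It assumes the standard ONC RPC call layout, TCP record marking, mountd program number 100005 and procedure numbers 1 (MNT), 5 (EXPORT) and 6 (EXPORTALL, as in Sun's mount.x); the helper names and sample packets are constructed for illustration.

```python
import struct

MOUNT_PROG = 100005  # ONC RPC program number registered for mountd
# MOUNT procedure numbers; EXPORTALL (6) is taken from Sun's mount.x (assumption)
PROCS = {1: "MNT", 5: "EXPORT", 6: "EXPORTALL"}

def parse_rpc_call(msg):
    """Return (prog, vers, proc) if msg starts with an RPC v2 CALL header."""
    if len(msg) < 24:
        return None
    _xid, mtype, rpcvers, prog, vers, proc = struct.unpack(">6I", msg[:24])
    if mtype != 0 or rpcvers != 2:   # 0 = CALL; RPC protocol version is 2
        return None
    return prog, vers, proc

def tcp_records(stream):
    """Yield whole RPC messages from a TCP stream using record marking."""
    off, buf = 0, b""
    while off + 4 <= len(stream):
        (hdr,) = struct.unpack(">I", stream[off:off + 4])
        last, length = hdr >> 31, hdr & 0x7FFFFFFF
        frag = stream[off + 4:off + 4 + length]
        if len(frag) < length:       # truncated capture: stop, do not guess
            return
        buf += frag
        off += 4 + length
        if last:                     # high bit set = final fragment of record
            yield buf
            buf = b""

def classify(payload, transport):
    """List mountd MNT/EXPORT/EXPORTALL calls seen in one payload."""
    msgs = tcp_records(payload) if transport == "tcp" else [payload]
    hits = []
    for m in msgs:
        call = parse_rpc_call(m)
        if call and call[0] == MOUNT_PROG and call[2] in PROCS:
            hits.append(f"mountd {PROCS[call[2]]} over {transport.upper()}")
    return hits

def make_call(prog, vers, proc, xid=0x1234):
    """Constructed sample: RPC CALL with AUTH_NULL credential and verifier."""
    return struct.pack(">6I", xid, 0, 2, prog, vers, proc) + b"\x00" * 16

def mark(data, last=True):
    """Prefix one TCP record-marking fragment header."""
    return struct.pack(">I", (0x80000000 if last else 0) | len(data)) + data

UDP_EXPORTALL = make_call(MOUNT_PROG, 1, 6)      # constructed sample
TCP_MNT = mark(make_call(MOUNT_PROG, 3, 1))      # constructed sample
```

Because a TCP record may be split across fragments, the header fields are only matched after reassembly; a matcher that looks at fixed offsets in each segment would miss a fragmented call.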