ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
vulnerable to a stack-based buffer overflow due to insufficient validation of user-supplied data. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the vulnerable system. This vulnerability is fixed in SGI IRIX version 6.5.11. Administrators are advised to update to SGI IRIX 6.5.11 to resolve this vulnerability. This signature detects when an attacker sends a malicious pattern in RPC-UDP traffic.
Signature ID: 16230
Kodak KCMS KCS_OPEN_PROFILE Procedure Arbitrary File Access Vulnerability TCP
Threat Level: Information
Industry ID: CVE-2003-0027 Bugtraq: 6665
Signature Description: Sun Solaris contains support for the Kodak Color Management System (KCMS), an application programming interface (API) that provides color management functions for different devices and color spaces. The KCMS framework enables the accurate reproduction, and improves the appearance, of digital color images on desktop computers and associated peripherals. KCMS profiles contain information that tells the KCMS framework how to convert input color data to the appropriate color-corrected output color data. The KCMS framework loads and saves profiles, gets and sets KCMS profile attributes, and directs requests for color management to the right CMM at the right time. When opening a profile, the KCMS library service daemon does not adequately validate the fileName argument. The checks performed by the KCS_OPEN_PROFILE procedure are incomplete: they do not account for the case of a sub-directory within the KCMS profile directories. If an attacker is able to create a sub-directory within either of the directories searched by the KCMS library service daemon, the attacker could use a specially crafted fileName argument that would bypass the directory traversal checks and allow the attacker to read any file on a vulnerable system. This signature detects when an attacker sends a malicious pattern in RPC-TCP traffic.
Signature ID: 16231
Kodak KCMS KCS_OPEN_PROFILE Procedure Arbitrary File Access Vulnerability UDP
Threat Level: Information
Industry ID: CVE-2003-0027 Bugtraq: 6665
Signature Description: Sun Solaris contains support for the Kodak Color Management System (KCMS), an application programming interface (API) that provides color management functions for different devices and color spaces. The KCMS framework enables the accurate reproduction, and improves the appearance, of digital color images on desktop computers and associated peripherals. KCMS profiles contain information that tells the KCMS framework how to convert input color data to the appropriate color-corrected output color data. The KCMS framework loads and saves profiles, gets and sets KCMS profile attributes, and directs requests for color management to the right CMM at the right time. When opening a profile, the KCMS library service daemon does not adequately validate the fileName argument. The checks performed by the KCS_OPEN_PROFILE procedure are incomplete: they do not account for the case of a sub-directory within the KCMS profile directories. If an attacker is able to create a sub-directory within either of the directories searched by the KCMS library service daemon, the attacker could use a specially crafted fileName argument that would bypass the directory traversal checks and allow the attacker to read any file on a vulnerable system. This signature detects when an attacker sends a malicious pattern in RPC-UDP traffic.
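Added example (not part of the original guide, and not Sun's or Kodak's code) for the two KCS_OPEN_PROFILE entries above (16230 and 16231): a containment check that resolves the requested name before comparing it with the profile directory, shown beside a hypothetical prefix-only check that misses the sub-directory case. The function names, the file names and the shape of the incomplete check are assumptions made for illustration; a POSIX file system is assumed.

```python
import os
import tempfile


def naive_is_allowed(file_name: str) -> bool:
    """Hypothetical incomplete check: only looks at how the name begins."""
    return not (file_name.startswith("/") or file_name.startswith("../"))


def resolve_profile(base_dir: str, file_name: str) -> str:
    """Return the resolved path if it stays strictly under base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." components and follows symlinks, so the
    # comparison is made on the path the open() call would really use.
    target = os.path.realpath(os.path.join(base, file_name))
    if target == base or os.path.commonpath([base, target]) != base:
        raise PermissionError(f"profile name escapes {base_dir!r}: {file_name!r}")
    return target


def demo() -> dict:
    """Run both checks over constructed names; returns {name: (naive, hardened)}."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "profiles")
        os.makedirs(os.path.join(base, "sub"))            # sub-directory case
        open(os.path.join(base, "sRGB.icm"), "w").close()  # constructed profile
        open(os.path.join(root, "secret.txt"), "w").close()  # file outside base
        results = {}
        for name in ["sRGB.icm", "../secret.txt", "sub/../../secret.txt"]:
            try:
                resolve_profile(base, name)
                hardened = True
            except PermissionError:
                hardened = False
            results[name] = (naive_is_allowed(name), hardened)
        return results


if __name__ == "__main__":
    for name, (naive, hardened) in demo().items():
        print(f"{name:24} naive={naive!s:5} hardened={hardened}")
```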
Signature ID: 16232
Portmap Network-Status-Monitor (NSM) request TCP
Threat Level: Information
Signature Description: NSM runs on client machines and informs other hosts of the status of that machine should a crash or reboot occur. Each remote application using an RPC service can therefore register with the host when services are once again available. A request made to a machine will indicate to the attacker the status of that host and will also indicate that RPC services are available. The attacker might then continue to ascertain which RPC services are being offered and then launch an attack on vulnerable daemons. This signature detects when an attacker sends a malicious pattern in RPC-TCP traffic.