TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
528
Signature ID: 16249
Rpc.yppasswdd old password overflow attempt TCP
Threat Level: Severe
Industry ID: CVE-2001-0779
Signature Description: Network Information Service (NIS) provides a simple network lookup service consisting of
databases and processes. Its purpose is to provide information, that has to be known throughout the network, to all
machines on the network. Information likely to be distributed by NIS might be login names and/or group information.
A remotely exploitable buffer overflow exists in the rpc.yppasswd service. This vulnerability is due to insufficient
bounds checking of user supplied data. A successful exploitation of this vulnerability allow an attacker to execute
arbitrary commands on the vulnerable system. Solaris 2.6, 2.7 are vulnerable. Administrators are advised to update
latest version to resolve this issue. This signature specifically detects when an attacker send malicious pattern by using
'TCP' service.
Signature ID: 16250
Rpc.yppasswdd old password overflow attempt UDP
Threat Level: Severe
Industry ID: CVE-2001-0779
Signature Description: Network Information Service (NIS) provides a simple network lookup service consisting of
databases and processes. Its purpose is to provide information, that has to be known throughout the network, to all
machines on the network. Information likely to be distributed by NIS might be login names and/or group information.
A remotely exploitable buffer overflow exists in the rpc.yppasswd service. This vulnerability is due to insufficient
bounds checking of user supplied data. A successful exploitation of this vulnerability allow an attacker to execute
arbitrary commands on the vulnerable system. Solaris 2.6, 2.7 are vulnerable. Administrators are advised to update
latest version to resolve this issue. This signature specifically detects when an attacker send malicious pattern by using
udp service.
Signature ID: 16251
Yppasswd Username overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0779 Bugtraq: 2763
Signature Description: The rpc.yppasswdd server is used to handle password change requests from yppasswd and
modify the NIS password file. By supplying a specially crafted request to a NIS server running the yppasswd daemon
in the form of a long username, the attacker can cause a buffer overflow in that process. By exploiting this vulnerability
remote intruders can execute arbitrary code with super user privileges on a NIS master server. rpc.yppasswdd in Solaris
2.6,7 and 8 are vulnerable. Patches are available at vendors web site.
Signature ID: 16252
Yppasswd Username overflow attempt UDP
Threat Level: Severe
Industry ID: CVE-2001-0779
Bugtraq: 2763
Signature Description: The rpc.yppasswdd server is used to handle password change requests from yppasswd and
modify the NIS password file. By supplying a specially crafted request to a NIS server running the yppasswd daemon
in the form of a long username, the attacker can cause a buffer overflow in that process. By exploiting this vulnerability
remote intruders can execute arbitrary code with super user privileges on a NIS master server. rpc.yppasswdd in Solaris
2.6,7 and 8 are vulnerable. This issue is fixed and patches are available from vendors web site.