TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Management Protocol (SNMP) is commonly used to monitor and manage network devices. By applying the PROTOS
c06-snmpv1 test suite to a variety of popular SNMPv1-enabled products, the OUSPG revealed multiple vulnerabilities
in SNMPv1 request handling in the way many SNMP managers decode and process SNMP request messages. These
vulnerabilities may cause denial-of-service conditions, service interruptions, and in some cases may allow an attacker
to gain access to the affected device. Specific impacts will vary from product to product.
Signature ID: 18102
SNMP Trap Message from PROTOS c06-snmpv1 test suite
Threat Level: Information
Industry ID: CVE-2002-0012 Bugtraq: 5043,4088 Nessus: 10858
Signature Description: This rule tries to detect SNMP trap messages from the PROTOS test suite. The Simple Network
Management Protocol (SNMP) is commonly used to monitor and manage network devices. The Oulu University
Secure Programming Group (OUSPG) reported numerous vulnerabilities in SNMPv1 implementations from many
different vendors. By applying the PROTOS c06-snmpv1 test suite to a variety of popular SNMPv1-enabled products,
the OUSPG revealed multiple vulnerabilities in SNMPv1 trap handling in the way many SNMP managers decode and
process SNMP trap messages. These vulnerabilities may cause denial-of-service conditions, service interruptions, and
in some cases may allow an attacker to gain access to the affected device. Specific impacts will vary from product to
product.
Signature ID: 18104
SNMPv1 Community String Buffer Overflow attempt
Threat Level: Information
Industry ID: CVE-2002-0012 CVE-2002-0013 CVE-1999-1570 Bugtraq: 4132,4089,4088 Nessus:
10858,10987
Signature Description: SNMPv1 supports five different types of messages: GetRequest, SetRequest, GetNextRequest,
GetResponse, and Trap. A single SNMP message is referred to as a Protocol Data Unit (PDU). These
messages are described using Abstract Syntax Notation One (ASN.1) and translated into binary format using Basic
Encoding Rules (BER). SNMP request messages are sent from managers to agents. Request messages can poll the
agent for current performance or configuration data, ask for the next SNMP object in a Management Information Base
(MIB), or modify configuration settings. SNMP agents should reliably decode request messages and process the
resulting application data. A community string buffer overflow exists in SNMPv1 that allows an attacker to
execute arbitrary code or shut down the service. This signature generates an event when an attacker tries to exploit any
community string.
Signature ID: 18105
SNMPv1 Community String Buffer Overflow with Evasion
Threat Level: Information
Industry ID: CVE-2002-0012 CVE-2002-0013 CVE-1999-1570 Bugtraq: 4132,4088,4089 Nessus:
10858,10987
Signature Description: SNMPv1 supports five different types of messages: GetRequest, SetRequest, GetNextRequest,
GetResponse, and Trap. A single SNMP message is referred to as a Protocol Data Unit (PDU). These messages are
described using Abstract Syntax Notation One (ASN.1) and translated into binary format using Basic Encoding Rules
(BER). SNMP request messages are sent from managers to agents. Request messages can poll the agent for current
performance or configuration data, ask for the next SNMP object in a Management Information Base (MIB), or modify
configuration settings. SNMP agents should reliably decode request messages and process the resulting application
data. A community string buffer overflow exists in SNMPv1 that allows an attacker to execute arbitrary code or
shut down the service. This rule fires when the attack pattern "04 82 01 00" is found and the command length exceeds 80.
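
The pattern "04 82 01 00" is a BER OCTET STRING tag (04) followed by a long-form length of two octets (82) with the value 0x0100, that is, 256 bytes. The following Python code is an added example, not taken from this guide or from the TMS zl module: it decodes the community string header of an SNMPv1 message and reports the declared length instead of matching raw bytes. The function names, the sample packets and the use of 80 as the community length threshold are assumptions made for illustration, as is the check for a padded (non-minimal) length encoding.

```python
MAX_COMMUNITY_LEN = 80  # assumed threshold, taken from the "exceeds 80" figure above

def read_tlv(buf, pos):
    """Read a BER tag and length at pos; return (tag, length, value_pos, minimal)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: one length octet
        return tag, first, pos, True
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated length")
    length = int.from_bytes(buf[pos:pos + n], "big")
    # Long form is minimal only without a leading zero octet and for values >= 128.
    minimal = buf[pos] != 0 and length >= 0x80
    return tag, length, pos + n, minimal

def inspect_community(packet):
    """Decode SEQUENCE -> version INTEGER -> community OCTET STRING and report on it."""
    tag, _, pos, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE expected")
    tag, vlen, pos, _ = read_tlv(packet, pos)
    if tag != 0x02:
        raise ValueError("version INTEGER expected")
    tag, clen, pos, minimal = read_tlv(packet, pos + vlen)
    if tag != 0x04:
        raise ValueError("community OCTET STRING expected")
    return {
        "declared_len": clen,
        "oversized": clen > MAX_COMMUNITY_LEN,
        "nonminimal_length": not minimal,
        "truncated": clen > len(packet) - pos,   # fewer bytes present than declared
    }

# Constructed sample messages (version 0, empty GetRequest PDU placeholder a0 00).
NORMAL = bytes.fromhex("300d020100") + b"\x04\x06public" + bytes.fromhex("a000")
LONG = bytes.fromhex("30820109020100" "04820100") + b"A" * 256 + bytes.fromhex("a000")
PADDED = bytes.fromhex("300f020100" "04820006") + b"public" + bytes.fromhex("a000")

if __name__ == "__main__":
    for name, pkt in (("normal", NORMAL), ("long", LONG), ("padded", PADDED)):
        print(name, inspect_community(pkt))
```

Decoding the length this way flags the 256-byte community string regardless of how the length octets are written, and the `nonminimal_length` field marks a short string whose length was encoded in long form with a leading zero octet.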