ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 20032
Alcatel ADSL Modem with Firewalling off vulnerability
Threat Level: Information
Industry ID: CVE-2001-1424 Bugtraq: 2568 Nessus: 10760,10530
Signature Description: Alcatel Speed Touch Wireless is an ADSL modem that enables users to connect PCs, game
consoles and other appliances instantly and seamlessly on high-speed Internet access from anywhere in the house
without a physical cable. ADSL Network Termination Device 1000 and Speed Touch ADSL modem are vulnerable.
Alcatel ADSL modems could allow a remote attacker to gain read or write privileges to the configuration file. By
default, the ADSL modems are shipped with blank passwords. A remote attacker can gain read or write privileges to
the configuration file to take control over the device using Telnet or HTTP. An attacker can use this vulnerability to
change the configuration and upload new firmware. Users can set a password for the Alcatel ADSL modem.
Signature ID: 20033
Telnet login by using brute force method attempt
Threat Level: Warning
Nessus: 10328
Signature Description: A brute force attack is the most widely known password cracking method. This attack simply
tries every possible character combination as a password. An attempt is made to log in by Telnet using brute force
methods. This rule triggers when many unsuccessful Telnet login attempts occur within a short period of time.
Signature ID: 20034
Cayman DSL router one char login vulnerability
Threat Level: Information
Industry ID: CVE-2001-1430 Bugtraq: 3017 Nessus: 10724
Signature Description: Cayman 3220-H DSL router allows DSL subscribers to share their Internet connections among
multiple computers. The Cayman 3220-H allows users to easily configure their settings through a Web browser
interface. But the router makes that interface accessible, not just from the user's local area network, but also from the
'WAN port' that connects to the Internet. Cayman 3220-H DSL Router 1.0 is vulnerable to a login that sends a single
opening brace character. An attacker could use this vulnerability to launch a denial of service attack, change the router
configuration, or exploit other vulnerabilities on the network served by the router. No remedy available as of August
30, 2008.
Signature ID: 21001
Microsoft Windows Windows Explorer Web View Script Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1191 Bugtraq: 13248 Nessus: 18215
Signature Description: Windows Explorer is an application that is part of the Microsoft Windows operating system and
provides a graphical user interface for accessing file systems. Web View (preview pane) is one of two different
formats provided by Windows Explorer for viewing file and folder information. This feature allows users to preview
documents in a thumbnail view before opening. In addition, information such as title and author is displayed. The
preview pane is implemented via an HTML resource file (in webvw.dll), which examines the currently selected file,
reads its metadata and displays useful information about it such as the file's size, attributes, modification date, author
and more. A remote code execution vulnerability exists in the way that Web View within Windows Explorer handles
certain HTML characters in the author name field of a document. When the preview pane outputs the document's author
name, it checks whether the name resembles an email address, and if so, transforms it into a 'mailto:' link in the pane.
The transformation into a link does not filter potentially dangerous characters and makes it possible to inject attributes
into the link, which enables execution of arbitrary script commands. An attacker could persuade a user to save a file
from an email message or from a website to a local storage device. If a remote attacker persuades a user to preview a
malicious file, the attacker could execute arbitrary code within the context of the victim and gain complete control over