ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
using VirtualAlloc function allocation will always succeed and return a pointer to a 4KB block, entirely disregarding
the allocation size. This only corrupts parts of memory, but execution can be made possible by using another flaw in
the RPC run-time library, RPCRT4.DLL. In RPCRT4.DLL, the NdrAllocate function writes management data to memory
after certain RPC calls and memory allocation. Due to a failure to validate user input, it is possible for a user to write a
limited amount of data at an arbitrary, user-specified address, with certain limitations. Windows 2000 Server SP0 - SP4
(enabled by default), Windows XP SP1 (locally exploitable, or remotely if the default configuration has been adjusted) and
Windows 2003 Server (locally exploitable, or remotely if the default configuration has been adjusted) are affected by this issue.
(Ref: MS05-051). The Dasher worm uses this vulnerability to compromise systems. Administrators are advised to install the
updates mentioned in MS05-051.
Signature ID: 21092
Microsoft Windows Share Access Using NULL session
Threat Level: Warning
Industry ID: CVE-1999-0519 CVE-1999-0520 Nessus: 10396
Signature Description: Microsoft directory services allow an attacker to establish a NULL session (with an empty
username and password) and access Network Neighborhood, workgroups, file sharing and other functions of
a Windows host.
Signature ID: 21093
SMB Share Access Using Null session
Threat Level: Warning
Signature Description: A null SMB session permits access to a host using a blank user name and password. An attacker
may attempt to establish a null SMB session and then attempt to gain sensitive information about the target host, such as
available shares and user names.
Signature ID: 21094
SMB Share Access Using Null session
Threat Level: Severe
Signature Description: A null SMB session permits access to a host using a blank user name and password. An attacker
may attempt to establish a null session, then gain access to sensitive information about the target host, such as available
shares and user names.
Signature ID: 21095
Possible Windows 95/98 RFParalyze DoS Attempt
Threat Level: Information
Industry ID: CVE-2000-0347
Bugtraq: 1163
Signature Description: RFParalyze is a DoS attack against Windows 95/98 systems. Unpredictable results, including
system crashes, lock-ups, reboots, and loss of network connectivity, can occur in Windows 95/98 if a NetBIOS session
packet is received with the source host name set to NULL.
Signature ID: 21096
Possible NT NULL Session Attempt
Threat Level: Information
Industry ID: CVE-2000-0347
Bugtraq: 1163
Signature Description: Null sessions are unauthenticated connections (not using a username or password) to
Windows NT or 2000 systems. Windows NT and 2000 are vulnerable to this problem, which can lead to serious access
violations. After establishing a NULL session, an attacker can attempt various techniques to gather
as much information as possible from the target.