TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 21111
MS SQL Server xp_enumresultset Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2000-1082
Bugtraq: 2031
Signature Description: Microsoft SQL Server Desktop Engine (MSDE) suffers from multiple buffer overflow
vulnerabilities. The xp_enumresultset function fails to restrict the length of a buffer before invoking the srv_paraminfo
API in the SQL Server API for Extended Stored Procedures (XP). This allows an attacker to cause a denial of
service or to execute arbitrary commands. This rule triggers when a call is made to 'xp_enumresultset'.
Signature ID: 21112
Access to Vulnerable MS SQL Function 'raiserror'
Threat Level: Warning
Industry ID: CVE-2001-542 CVE-2001-0542 Bugtraq: 3733
Signature Description: Buffer overflow vulnerabilities in Microsoft SQL Server 7.0 and 2000 allow attackers with
access to SQL Server to execute arbitrary code through the function 'raiserror'. This rule hits when a call to 'raiserror' is
made from an external network.
Signature ID: 21113
MS SQL Server xp_displayparamstmt Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2000-1081 Bugtraq: 2030
Signature Description: Microsoft SQL Server Desktop Engine (MSDE) suffers from multiple buffer overflow
vulnerabilities. The xp_displayparamstmt function fails to restrict the length of a buffer before invoking the
srv_paraminfo API in the SQL Server API for Extended Stored Procedures (XP). This allows an attacker to cause a
denial of service or to execute arbitrary commands. This rule triggers when a call is made to 'xp_enumresultset'.
Signature ID: 21114
MS SQL Server xp_SetSQLSecurity Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2000-1088 Bugtraq: 2043
Signature Description: Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) suffer from multiple
buffer overflow vulnerabilities. The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server
Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in
the SQL Server API for Extended Stored Procedures (XP). This allows an attacker to cause a denial of service or
execute arbitrary commands. This rule triggers when a call is made to 'xp_SetSQLSecurity'.
Signature ID: 21115
MS SQL Server xp_updatecolvbm Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2000-1084
Bugtraq: 2039
Signature Description: The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine
(MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server
API for Extended Stored Procedures (XP). This vulnerability allows an attacker to cause a denial of service or execute
arbitrary commands. This rule triggers when a call is made to 'xp_updatecolvbm'.