TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 21122
MS-SQL/SMB Shellcode Attempt (2)
Threat Level: Severe
Signature Description: Attackers can include shellcode in the traffic to exploit vulnerabilities in MS-SQL/SMB
servers. This rule detects a NOP sequence in traffic targeted at MS-SQL/SMB servers.
Signature ID: 21123
MS-SQL Shellcode Attempt (2)
Threat Level: Information
Signature Description: Attackers can include shellcode in SQL requests to exploit vulnerabilities in target SQL
servers. This rule detects a NOP sequence, which is generally used in shellcode, in a SQL command stream.
Signature ID: 21124
MS SQL Server/SMB xp_reg* registry Buffer Overflow Vulnerability
Threat Level: Information
Signature Description: Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) contain a buffer
overflow vulnerability when the xp_reg function invokes the srv_paraminfo function in the SQL Server API for Extended
Stored Procedures (XP) without proper validation. A remote attacker can exploit this vulnerability, which can cause
denial of service or execution of arbitrary commands. This rule triggers when a call is made to 'xp_reg'.
Signature ID: 21125
MS SQL Server/SMB xp_printstatements Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2000-1086 Bugtraq: 2041
Signature Description: Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) contain a buffer
overflow vulnerability. The xp_printstatements function in these server programs does not properly restrict the length
of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP). This
vulnerability can be exploited by a remote attacker and can cause a denial of service or execution of arbitrary code.
This rule triggers when a call is made to 'xp_printstatements'.
Signature ID: 21127
Microsoft SQL Server/MSDE "Hello" Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2002-1123 Bugtraq: 5411 Nessus: 11067
Signature Description: Microsoft SQL Server and MS Desktop Engine (MSDE) suffer from a buffer overflow
vulnerability that allows an attacker to execute arbitrary commands or crash the service. This vulnerability exists due to
improper verification of the authentication request buffer in SQL Server 2000 (and MSDE 2.0). The exploit can be
launched before authentication even takes place. (MS02-056)
Signature ID: 21128
Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0474 CVE-2002-0974 Bugtraq: 9621,5478 Nessus: 11286
Signature Description: Microsoft Windows XP is vulnerable to cross-site scripting. The Microsoft Windows XP HCP
URI handler has been reported to suffer from a vulnerability that may result in remote arbitrary command execution.
The issue is reported to be present when a specially formatted HCP URI that references a local resource is processed. A
remote attacker may exploit this issue to have arbitrary commands executed in the context of the user who followed the