ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 21705
Microsoft SMB-DS RPC Locator Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0003
Bugtraq: 6666
Signature Description: A buffer overflow vulnerability in the Microsoft Windows Locator service could allow a remote
attacker to execute arbitrary code or cause the Windows Locator service to fail. The buffer overflow can be triggered by
searching entry names for bindings using a very long string. The vulnerability exists in an insecure call to wcscpy().
Signature ID: 21706
Microsoft Windows ENUMSERVICESTATUSA service enumeration request
Threat Level: Warning
Signature Description: This rule alerts the IPS administrator when there is an attempt to discover all active services on
a Windows platform using an EnumServicesStatusA request via NetBIOS.
Signature ID: 21707
SMB-DS IPC$ share access (3)
Threat Level: Warning
Signature Description: This rule triggers when there is an attempt to access the SMB IPC$ share from an external network.
It alerts the IPS administrator to the security concerns raised by such access.
Signature ID: 21708
Microsoft Windows (SMB) RRAS Memory Corruption Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-2370
Bugtraq: 18325
Signature Description: Microsoft Remote Access Connection Manager (RASMAN) is a utility bundled with
Microsoft Windows that allows remote configuration and management of various remote access services. A
vulnerability exists in the dynamically linked library rasmans.dll in the handling of requests sent via RASMAN that
would allow an attacker to execute arbitrary code. This signature detects attacks on TCP port 139.
Signature ID: 21709
Microsoft Windows (SMB-DS) RRAS Memory Corruption Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-2370
Bugtraq: 18325
Signature Description: Microsoft Remote Access Connection Manager (RASMAN) is a utility bundled with
Microsoft Windows that allows remote configuration and management of various remote access services. A
vulnerability exists in the dynamically linked library rasmans.dll in the handling of requests sent via RASMAN that
would allow an attacker to execute arbitrary code. This signature detects attacks on TCP port 445.
Signature ID: 21710
Microsoft Windows (SMB) RAS Manager Registry Corruption Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-2371
Bugtraq: 18358
Signature Description: The Microsoft Remote Access Connection Manager is a service which enables remote
configuration and management of various services on a Windows host. This vulnerability exists due to insufficient
validation of user input supplied to RasRpcSetUserPreferences during registry manipulation requests. This signature
triggers on requests using TCP port 139.