TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
580
Signature ID: 21711
Microsoft Windows(SMB-DS)RAS Manager Registry Corruption Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-2371 Bugtraq: 18358
Signature Description: The Microsoft Remote Access Connection Manager is a service which enables remote
configuration and management of various services on a Windows host. This vulnerability exists due to insufficient
validation of user input supplied to RasRpcSetUserPreferences during registry manipulation requests. This signature
triggers on using TCP port 445.
Signature ID: 22101
Microsoft IIS NNTP Service SEARCH Command Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0574 Bugtraq: 11379
Signature Description: The NNTP component provides a service that enables the distribution, retrieval, and posting of
news articles among the Internet community. Microsoft's Internet Information Services (IIS) provides support for a
number of protocols, including NNTP. A buffer overflow vulnerability exists in NNTP component caused by improper
bounds checking of user-supplied input. By making use of the command SEARCH from extended NNTP command set
this vulnerability can be exploited. The SEARCH command searches the newsgroups for articles that match the given
searching criteria which consist of one or more search keys.The NNTP service translates calls to the SEARCH
command into an internal query format. A boundary check flaw exists in the code that checks the length of the
translation from the user-supplied pattern into an internal query string. By constructing a query using SEARCH with a
special length and using multiple patterns or search keys, an attacker can exploit this flaw. Successful exploitation of
this vulnerability could allow remote code execution in the context of the process accessing the vulnerable component.
Administrators are advised to install the updates mentioned in MS04-036.
Signature ID: 22103
NNTP article post without path attempt
Threat Level: Warning
Signature Description: A vulnerability exists in the network news transport protocol server from ISC.It may be
possible for a remote attacker to exploit a buffer overflow condition in the software to execute code of the attackers
choosing with the privileges of the user running the daemon
Signature ID: 22104
NNTP checkgroups overflow vulnerability
Threat Level: Warning
Signature Description: ISC has reported a remotely exploitable buffer overrun in INN. This issue exists in the control
message handling code that was introduced into version 2.4.0. It may possible to exploit this issue to execute arbitrary
code in the context of the innd process. It should be noted that innd is designed to drop privileges after binding to port
119, so successful exploitation would typically only yield the privileges of the news user. This event alert when field
value length of checkgroups field is more than 21 bytes.
Signature ID: 22105
NNTP ihave overflow attempt
Threat Level: Information
Industry ID: CVE-2002-0909
Bugtraq: 4900
Signature Description: Mnews is a freely available, open source NNTP and mail client. It is designed to handle both
Japanese and English character sets, and is available for the Unix and Linux operating systems.Under some
circumstances, it may be possible to exploit a buffer overflow in mnews. When a server sends a 200 response to a