TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
581
client, it may be possible for the server to include enough data in the response to trigger a buffer overflow. This
overflow could result in the overwriting of stack memory, and the potential execution of attacker supplied instructions.
Signature ID: 22106
ISC INN Control Message Handling Buffer Overrun
Threat Level: Information
Industry ID: CVE-2004-0045 Bugtraq: 9382
Signature Description: ISC has reported a remotely exploitable buffer overrun in INN. This issue exists in the control
message handling code that was introduced into version 2.4.0. It may possible to exploit this issue to execute arbitrary
code in the context of the innd process. It should be noted that innd is designed to drop privileges after binding to port
119, so successful exploitation would typically only yield the privileges of the news user. This rule hits when NNTP
Protocol Control Header filed value is more than 100 bytes.
Signature ID: 22107
NNTP return code buffer overflow attempt
Threat Level: Warning
Industry ID: CVE-2002-0909 Bugtraq: 4900
Signature Description: Mnews is a freely available, open source NNTP and mail client. When a server sends a 200
response to a client, it may be possible for the server to include enough data in the response to trigger a buffer
overflow. This overflow could result in the overwriting of stack memory, and the potential execution of attacker
supplied instructions.
Signature ID: 22108
NNTP rmgroup overflow attempt
Threat Level: Information
Industry ID: CVE-2004-0045 Bugtraq: 9382
Signature Description: ISC has reported a remotely exploitable buffer overrun in INN. This issue exists in the control
message handling code that was introduced into version 2.4.0. It may possible to exploit this issue to execute arbitrary
code in the context of the innd process. It should be noted that innd is designed to drop privileges after binding to port
119, so successful exploitation would typically only yield the privileges of the news user. This rule hits when NNTP
Protocol Header field "rmgroup" value is more than 21 chars.
Signature ID: 22109
NNTP sendme buffer overflow attempt
Threat Level: Information
Industry ID: CVE-2004-0045 Bugtraq: 9382
Signature Description: ISC has reported a remotely exploitable buffer overrun in INN.This issue exists in the control
message handling code that was introduced into version 2.4.0.It may possible to exploit this issue to execute arbitrary
code in the context of the innd process.It should be noted that innd is designed to drop privileges after binding to port
119, so successful exploitation would typically only yield the privileges of the news user. This rule hits when a buffer
overflow attempt with more than 21 characters send to sendme function.
Signature ID: 22110
NNTP sendsys buffer overflow attempt
Threat Level: Information
Industry ID: CVE-2004-0045 Bugtraq: 9382
Signature Description: ISC has reported a remotely exploitable buffer overrun in INN.This issue exists in the control
message handling code that was introduced into version 2.4.0.It may possible to exploit this issue to execute arbitrary
code in the context of the innd process.It should be noted that innd is designed to drop privileges after binding to port