ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

119, so successful exploitation would typically only yield the privileges of the news user. This rule hits when a buffer
overflow attempt on sendsys of NNTP with more than 21 characters is found.
Signature ID: 22111
NNTP senduuname buffer overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0045
Bugtraq: 9382
Signature Description: The Internet Software Consortium's (ISC) InterNetNews (INN) is a Usenet application. The
InternetNews provides real-time news updated throughout the business day, covering IT issues and Internet-related
technologies for corporate managers and hi-tech professionals. ISC INN 2.4.0 is vulnerable to a buffer overflow.
It may be possible to exploit this issue to execute arbitrary code in the context of the innd process. It should be noted that
innd is designed to drop privileges after binding to port 119, so successful exploitation would typically only yield the
privileges of the news user. Version 2.4.0 of ISC's InterNetNews package contains a Network News Transfer Protocol
(NNTP) server that contains a buffer overflow condition. Versions 2.3.x and prior are not vulnerable to this issue. The
vulnerability is in the code that processes control messages, specifically the ARTpost() function. The solution is to
upgrade to version 2.4.1. This rule hits when a buffer overflow attempt on senduuname of NNTP with more than 21
characters is found.
Signature ID: 22112
NNTP version buffer overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0045 Bugtraq: 9382
Signature Description: ISC has reported a remotely exploitable buffer overrun in INN. This issue exists in the control
message handling code that was introduced into version 2.4.0. It may be possible to exploit this issue to execute arbitrary
code in the context of the innd process. It should be noted that innd is designed to drop privileges after binding to port
119, so successful exploitation would typically only yield the privileges of the news user. This rule hits when an
attempt to overflow the version field with more than 21 characters is found.
Signature ID: 22113
Microsoft SSL PCT buffer overflow attempt
Threat Level: Critical
Industry ID: CVE-2003-0719
Bugtraq: 10116 Nessus: 12209
Signature Description: A buffer overrun vulnerability exists in the Private Communications Transport (PCT) protocol,
which is part of the Microsoft Secure Sockets Layer (SSL) library. Only systems that have SSL enabled, and in some
cases Windows 2000 domain controllers, are vulnerable. An attacker who successfully exploited this vulnerability
could take complete control of an affected system. All programs that use SSL could be affected. Although SSL is
generally associated with Internet Information Services by using HTTPS and port 443, any service that uses SSL on an
affected platform is likely to be vulnerable. In this case PCT should work for NNTP. This includes, but is not limited to,
Microsoft Internet Information Services 4.0, Microsoft Internet Information Services 5.0, Microsoft Internet
Information Services 5.1, Microsoft Exchange Server 5.5, Microsoft Exchange Server 2000, Microsoft Exchange
Server 2003, Microsoft Analysis Services 2000 (included with SQL Server 2000), and any third-party programs that
use PCT (MS04-011).
Signature ID: 22114
NNTP Command length is greater than 512 bytes
Threat Level: Critical
Industry ID: CVE-2004-0574
Signature Description: NNTP specifies a protocol for the distribution, inquiry, retrieval, and posting of news articles
using a reliable stream-based transmission of news among the ARPA-Internet community. RFC 977 defines the size of the