TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 23001
Microsoft cmd.exe banner
Threat Level: Information
Nessus: 11633
Signature Description: The Microsoft command shell banner is being displayed to a system outside your internal
network, which indicates that a remote attacker has compromised an internal system. This rule triggers when a Windows
cmd.exe banner is detected in a TCP session. This indicates that someone has the ability to spawn a DOS command
shell prompt over TCP.
Signature ID: 23002
Index of /cgi-bin/ response from webserver Vulnerability
Threat Level: Information
Nessus: 10039,10121
Signature Description: This rule gets hit when an attempt is made to gain unauthorized access to a CGI application
running on a web server. Some applications do not perform stringent checks when validating the credentials of a client
host connecting to the services offered on a host server. This can lead to unauthorized access and possibly escalated
privileges to that of the administrator. It may also be possible for the attacker to download the contents of the cgi-bin
and view the contents of the script sources.
Signature ID: 23003
HP-UX rexec command buffer overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2003-1097 Bugtraq: 7459
Signature Description: The rexec program in HP-UX allows local users to execute commands on remote servers. rexec
calls the rexec subroutine to act as a client for the remote host's rexecd server. The rexec program includes a "-l"
command-line option that allows an alternate login name to be specified on the remote host. The rexec program
supplied with some versions of the HP-UX operating system contains a buffer overflow in the handling of the
username argument passed to the "-l" option. An overly long username causes the rexec program to crash with a segmentation fault
and could allow a local attacker to execute commands of their choosing on the local system. Since the rexec program is
normally setuid to root, these commands would be executed with root privileges.
Signature ID: 23004
RealNetworks cross site scripting forced download attempt
Threat Level: Information
Signature Description: A vulnerability exists in versions of RealPlayer from RealNetworks that may allow a remote
attacker to launch a successful cross-site scripting attack against a host running the application. This event is an
indication of a successful attack.
Signature ID: 23005
Integer Overflow in challenge response handling of OpenSSH
Threat Level: Information
Industry ID: CVE-2002-0639 CVE-2002-0390 Bugtraq: 5093 Nessus: 11031
Signature Description: An integer overflow vulnerability exists in the challenge response handling code in OpenSSH
versions 2.3.1p1 through 3.3. These OpenSSH versions fail to verify the integer that specifies the number of responses
received during challenge response authentication. If the challenge response configuration option is set to yes and the
system is using SKEY or BSD_AUTH authentication, then a remote intruder may be able to exploit the vulnerability to
execute arbitrary code. GOBBLE is software that runs on OpenSSH.