TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
659
specially-crafted Web page that supplies a long string as the first argument to the SetCifFile method. The successful
exploitation may allow an attacker to overflow a buffer and execute arbitrary code on the victim's system using the
ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service
conditions.User can set killbit to the clsid corresponding to the progid ASControls.InstallEngineCtl to reslove this
issue.
Signature ID: 30028
Microsoft Internet Explorer Install Engine Control Buffer Overflow Vulnerability(3)
Threat Level: Warning
Industry ID: CVE-2004-0216
Bugtraq: 11366
Signature Description: This vulnerability is caused due to an integer overflow in the ASControls.InstallEngineCtl
ActiveX control (asctrls.ocx) when processing SetCifFile() method. Successful exploits may allow attackers to crash
the application, denying further service to users. This issue may also be exploited to execute arbitrary machine-code
Signature ID: 30029
Microsoft Internet Explorer VML fill method unicode Buffer overflow Vulnerability(4)
Threat Level: Severe
Industry ID: CVE-2006-4868 CVE-2006-3866 Bugtraq: 20096
Signature Description: This vulnerability is caused due to a boundary error in the Microsoft Vector Graphics
Rendering(VML) library (vgx.dll) when processing certain content in Vector Markup Language (VML) documents.
Successful exploits may allow attackers to crash the application, denying further service to users. This issue may also
be exploited to execute arbitrary machine-code.
Signature ID: 30030
CommuniGate Pro LDAP Server Large Number of DN Elements Denial of Service
Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-0566 CVE-2006-0468 Bugtraq: 16407
Signature Description: CommuniGate Pro is a communication server which includes an LDAP module. The LDAP
server listens on TCP port 389 by default. CommuniGate Pro Server 5.0.7 and prior versions allows remote attackers to
cause a denial of service (crash) via LDAP messages with too many DN (Distinguished Name) elements. Every entry
in the directory has a distinguished name (DN). The DN is the name that uniquely identifies an entry in the directory. A
DN is made up of attribute=value pairs, separated by commas. Attackers could construct an LDAP request that contains
large number of (> 100) DN elements separated by comma which allows remote attackers to crash the application
causing a denial of service. Users are advised to upgrade to the newer version.
Signature ID: 30031
IBM Lotus Domino LDAP Server Bind Request Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-0580 CVE-2006-0359 CVE-2001-1312 Bugtraq: 16253,3042
Signature Description: IBM Lotus Domino is a communication server which includes an LDAP module. The LDAP
server listens on TCP port 389 by default. Abstract Syntax Notation One (ASN.1) is a standard and flexible notation
that describes data structures for representing, encoding, transmitting, and decoding data. The Basic Encoding Rules
(BER) were the original rules laid out by the ASN.1 standard for encoding abstract information into a concrete data
stream. LDAP message data is transferred using Basic Encoding Rules (BER). A denial of service vulnerability exists
in the LDAP component of IBM Lotus Domino Server versions 7.0 and prior. The application crashes when it receives
a bind request with ASN.1 INTEGER object setting to a value of zero. The issue is fixed in Domino 6.5.4 FP2, Domino
6.5.5, and Domino 7.0.1.