TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
665
Signature ID: 30057
Novell eDirectory MS-Dos Device Name Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1729
Signature Description: Novell eDirectory is a software package that uses a Lightweight Directory Access Protocol
(LDAP) directory service for integrating enterprise and eBusiness programs. Novell eDirectory version 8.7.3 and
possibly earlier versions running on Micrsoft Windows are vulnerable to a denial of service attack caused by a NULL
pointer dereference when handling HTTP requests. By sending a specially-crafted HTTP request for reserved MS-DOS
device names such as AUX, CON, PRN, COM1, LPT1 etc., a remote attacker could cause the service to crash. User are
advised to upgrade to the latest version of Novell eDirectory (8.7.3 or later) available from the Novell eDirectory
Support Web page. This rule hits when an attack pattern towards the destination port 8028 found.
Signature ID: 30058
Novell GroupWise Messenger Server Nmma.EXE Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-4511 Bugtraq: 20316
Signature Description: Novell Groupwise Messenger is a corporate, cross-platform instant messaging product. Novell
GroupWise Messenger server 2.0 is prone to a denial-of-service vulnerability that allow remote attackers to crash the
server. HTTP protocol is used as the communication method in the messenger agents nmma.exe in GroupWise
Messenger. The data submitted to the server is composed as an object consisting of tag, a command, a value, and a
type. By constructing a malicious HTTP POST request in a way, type variable indicating the val argument to be treated
as a pointer to a datatype other than string, a remote attacker can cause the messenger to crash. A memory access
violation occurs due to invalid variable type specified in the command. Install the patch suggested by vendor.
Signature ID: 30059
Oracle Database DBMS_ASSERT Filter SQL Injection Vulnerability
Threat Level: Warning
Bugtraq: 19203
Signature Description: Oracle Database Server is a commercial relational database application suite. The package
DBMS_ASSERT is used to sanitize user input such as for SQL injection strings or other malicious input. This package
several functions and QUALIFIED_SQL_NAME is one of them. The QUALIFIED_SQL_NAME function in the
vulnerable package could be bypassed by enclosing malicious content in double quotation characters ("). A remote
attacker can make use of this to execute SQL queries on the database server. Administrators are advised to close the
remote access to untrusted clients. This rule hits for the attack pattern on 1521 destination port.
Signature ID: 30060
Oracle Database DBMS_ASSERT Filter SQL Injection Vulnerability
Threat Level: Warning
Bugtraq: 19203
Signature Description: Oracle Database Server is a commercial relational database application suite. The package
DBMS_ASSERT is used to sanitize user input such as for SQL injection strings or other malicious input. This package
several functions and QUALIFIED_SQL_NAME is one of them. The QUALIFIED_SQL_NAME function in the
vulnerable package could be bypassed by enclosing malicious content in double quotation characters ("). A remote
attacker can make use of this to execute SQL queries on the database server. Administrators are advised to close the
remote access to untrusted clients. The Oracle Database works on 1521 or 1526 ports. This rule hits when destination
port is 1526.