TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 30085
OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3738 CVE-2007-5135 Bugtraq: 20249
Signature Description: OpenSSL is an open source implementation of the SSL protocol. A remotely exploitable buffer
overflow vulnerability exists in OpenSSL versions 0.9.7-0.9.8. The vulnerability lies in the
SSL_Get_Shared_Ciphers function, which extracts the cipher codes from the ClientHello message. A remote attacker
can exploit this vulnerability by sending a specially crafted ClientHello message that contains a long list of cipher
codes to the target server. Successful exploitation would allow execution of arbitrary code with the privileges of the
application using the OpenSSL library. Upgrade to the latest version of OpenSSL (0.9.7l or 0.9.8d or later). Most
vendors that use the vulnerable OpenSSL have also released patches. This rule looks for the attack pattern on
destination port 995.
Signature ID: 30086
OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3738 CVE-2007-5135 Bugtraq: 20249
Signature Description: OpenSSL is an open source implementation of the SSL protocol. A remotely exploitable buffer
overflow vulnerability exists in OpenSSL versions 0.9.7-0.9.8. The vulnerability lies in the
SSL_Get_Shared_Ciphers function, which extracts the cipher codes from the ClientHello message. A remote attacker
can exploit this vulnerability by sending a specially crafted ClientHello message that contains a long list of cipher
codes to the target server. Successful exploitation would allow execution of arbitrary code with the privileges of the
application using the OpenSSL library. Upgrade to the latest version of OpenSSL (0.9.7l or 0.9.8d or later). Most
vendors that use the vulnerable OpenSSL have also released patches. This rule hits when the attack pattern
"16 03","01","03","00" is followed by a two-byte numeric value that is more than 256.
Signature ID: 30087
OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3738 CVE-2007-5135 Bugtraq: 20249
Signature Description: OpenSSL is an open source implementation of the SSL protocol. A remotely exploitable buffer
overflow vulnerability exists in OpenSSL versions 0.9.7-0.9.8. The vulnerability lies in the
SSL_Get_Shared_Ciphers function, which extracts the cipher codes from the ClientHello message. A remote attacker
can exploit this vulnerability by sending a specially crafted ClientHello message that contains a long list of cipher
codes to the target server. Successful exploitation would allow execution of arbitrary code with the privileges of the
application using the OpenSSL library. Upgrade to the latest version of OpenSSL (0.9.7l or 0.9.8d or later). Most
vendors that use the vulnerable OpenSSL have also released patches. This rule looks for the attack pattern flowing
towards SMTP.
Signature ID: 30088
OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3738 CVE-2007-5135 Bugtraq: 20249
Signature Description: OpenSSL is an open source implementation of the SSL protocol. A remotely exploitable buffer
overflow vulnerability exists in OpenSSL versions 0.9.7-0.9.8. The vulnerability lies in the
SSL_Get_Shared_Ciphers function, which extracts the cipher codes from the ClientHello message. A remote attacker
can exploit this vulnerability by sending a specially crafted ClientHello message that contains a long list of cipher
codes to the target server. Successful exploitation would allow execution of arbitrary code with the privileges of the
application using the OpenSSL library. Upgrade to the latest version of OpenSSL (0.9.7l or 0.9.8d or later). Also most