TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
isaNVWRequest.dll ISAPI application, which is part of the Web management interface. By sending an overly long
HTTP POST request, a remote attacker could overflow a buffer and execute arbitrary code on the system with
privileges of the Web server process. Trend Micro has acknowledged this vulnerability but has not released patches
since the issue appears to exist in the Microsoft MFC ISAPI libraries. This issue may be addressed in the libraries
associated with Visual C++ 6.0 with Service Pack 6, though this has not been confirmed by Symantec.
Signature ID: 30167
SMTP Command with Command Length more than 360 Bytes
Threat Level: Warning
Industry ID: CVE-2004-1558 Bugtraq: 11256
Signature Description: This rule triggers when an attempt is made to send an SMTP command longer than 360
bytes. Several applications are vulnerable to this attack. YPOPs! is an application designed to provide POP3 access to
Yahoo! Mail. YPOPs! versions 0.4 to 0.6 are vulnerable to a stack-based buffer overflow in the SMTP service, caused
by improper bounds checking of SMTP messages. By sending an SMTP message containing more than 504 bytes, a
remote attacker could overflow a buffer and execute arbitrary code on the system or cause the SMTP service to crash.
Administrators are advised to upgrade to a newer version.
Signature ID: 30168
Alt-N WebAdmin USER Parameter Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0471 Bugtraq: 8024 Nessus: 11771
Signature Description: WebAdmin is an application designed to provide support for web-based remote administration
of Alt-N Technologies software. A remotely exploitable buffer overflow vulnerability exists in WebAdmin 2.0.4 and
prior. This is due to insufficient bounds checking on the USER parameter. By default this service runs on TCP port
1000 as a system service. With a specially crafted request, an attacker can cause code execution with SYSTEM level
privileges. This rule triggers when attack traffic is detected toward destination port 1000. This issue has been solved in
WebAdmin 2.0.5. Upgrade to this version.
Signature ID: 30169
Alt-N WebAdmin USER Parameter Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0471 Bugtraq: 8024 Nessus: 11771
Signature Description: WebAdmin is an application designed to provide support for web-based remote administration
of Alt-N Technologies software. A remotely exploitable buffer overflow vulnerability exists in WebAdmin 2.0.4 and
prior. This is due to insufficient bounds checking on the USER parameter. By default this service runs on TCP port
1000 as a system service. With a specially crafted request, an attacker can cause code execution with SYSTEM level
privileges. This issue has been solved in WebAdmin 2.0.5. Upgrade to this version. This rule triggers on the attack pattern
sent toward the HTTP Alt-N web service.
Signature ID: 30170
Barracuda Spam Firewall IMG.PL Directory Traversal and Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2847 CVE-2005-2848 Bugtraq: 14712, 14710
Signature Description: Barracuda Spam Firewall is a hardware and software solution to protect email servers.
Barracuda Spam Firewall firmware 3.1.17 and prior versions are prone to a remote arbitrary command execution
vulnerability. The '/cgi-bin/img.pl' script does not properly validate user-supplied input in the 'f' parameter. A remote
user can supply a specially crafted parameter value containing '../' directory traversal characters to view files on the
target system. A remote user can also exploit this flaw to execute arbitrary commands on the target system by using a '|'