TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
678
updates for this vulnerability. Restrict the access to port on which this service (default 8180/tcp) is running to trusted
clients.
Signature ID: 30176
HP OpenView Network Node Manager Shell Metacharacter Remote Command Execution
Vulnerabilitiy
Threat Level: Severe
Industry ID: CVE-2005-2773 Bugtraq: 14662
Signature Description: Network Node Manager (NNM) is a Hewlett Packard OpenView product which manages
networks. NNM determines and displays physical and logical connectivity in networks, as well as information
pertaining to protocols running over the network. It also allows historical data to be collected and viewed/graphed.
Network Node Manager versions 6.20, 6.4x, 7.01 and 7.50 for multiple platforms are vulnerable to code and command
injection attacks due to insufficient sanitization of user parameters to connectedNodes.ovpl, cdpView.ovpl,
freeIPaddrs.ovpl, and ecscmg.ovpl scripts. As a result remote attackers may be able to inject and execute arbitrary code
and commands with system privileges. Update is issued and can be downloaded from Hewlett-Packard Company
Security Bulletin HPSBMA01224.
Signature ID: 30177
PAJAX pajax_call_dispatcher.php Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-1577 CVE-2006-1551 Bugtraq: 17519,17326
Signature Description: PAJAX is a framework that facilitates the creation of remote PHP objects in JavaScript. PAJAX
utilizes an ORB (Object Request Broker) pattern allowing JavaScript objects to call methods of remote PHP objects via
some remote interface. To invoke methods on an object, PHP's eval() function is used. The php script
pajax_call_dispatcher.php contains the code that uses eval() to invoke the method using arguments provided by the
user. These parameters are unchecked and may contain harmful PHP code thus allowing execution of code by eval(). A
remote attacker could send a specially-crafted HTTP POST request to the pajax_call_dispatcher.php script using the
$method or $args parameters to upload and execute arbitrary PHP code on the system. Upgrade to the latest version of
PAJAX (0.5.2 or later), available from the PAJAX Web site.
Signature ID: 30179
3Com TFTP Server Long Transporting Mode Name Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6183
Bugtraq: 21301,21322
Signature Description: 3Com TFTP Server is a Trivial File Transfer Protocol (TFTP) service for Microsoft Windows
platform. 3CTftpSvc TFTP Server version 2.0.1 and prior is vulnerable to a stack-based buffer overflow, caused by
improper bounds checking of Read/Write request packet types. By sending an overly long transporting mode in a GET
or PUT command, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the
server to crash. Restrict access to UDP port 69.
Signature ID: 30180
HP OpenView OmniBack II Unauthorized Client Access Vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0311 Bugtraq: 11032
Signature Description: HP Openview OmniBack is a central service for backing up file stores. HP OpenView
OmniBack versions 3.00 through 3.50 for HP-UX, Windows NT, and Windows 2000 could allow a remote attacker to
gain unauthorized access to OmniBack client. A security vulnerability in the product allows attackers to cause the
program to execute arbitrary code, allowing compromising of the operating system. HP has issued a patch for this issue
that can be obtained from Hewlett-Packard Company Security Bulletin HPSBUX0102-142.