ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 30193
EIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3838
Bugtraq: 19164
Signature Description: EIQnetworks Enterprise Security Analyzer (ESA) is a Security Information Management (SIM)
solution that enables organizations to proactively detect security breaches, identify corporate violations and eliminate
false positives before incidents occur. eIQnetworks Enterprise Security Analyzer (ESA) versions prior to 2.5.0 are
vulnerable to a stack-based buffer overflow in Topology.exe of EnterpriseSecurityAnalyzer. The ESA protocol is a very
simple plaintext protocol where requests take the form
[REQUEST_COMMAND]&[ARG1]&[ARG2]&[ARG3]&....&[ARGn]. The Topology server component in
EnterpriseSecurityAnalyzer listens on TCP port 10628 and is used in mapping real-time security threats on a graphical
network topology. By sending an overly long GUIADDDEVICE, ADDDEVICE, or DELETEDEVICE command to
TCP port 10628, a remote attacker could overflow a buffer and execute arbitrary code on the system. Authentication is
not required to exploit this vulnerability. Upgrade to the latest version of the software (2.5.0 or later).
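The request format and the three commands named in the description above can be checked as shown here; this is an added example, not code from the guide or the vendor. The 256-byte field threshold, the case-insensitive command match and the sample payloads are assumptions, since the guide does not state the buffer size.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

TOPOLOGY_PORT = 10628  # TCP port named in the signature description
WATCHED_COMMANDS = {"GUIADDDEVICE", "ADDDEVICE", "DELETEDEVICE"}
MAX_FIELD_LEN = 256    # ASSUMPTION: tunable threshold, not a value from the guide


@dataclass
class Finding:
    command: str
    longest_field: int
    total_len: int


def parse_request(payload: bytes) -> Tuple[str, List[bytes]]:
    """Split COMMAND&ARG1&...&ARGn into (command, [args])."""
    fields = payload.rstrip(b"\r\n\x00").split(b"&")
    # ASSUMPTION: compare commands case-insensitively to err toward alerting.
    command = fields[0].decode("ascii", errors="replace").strip().upper()
    return command, fields[1:]


def check_request(payload: bytes, dst_port: int,
                  max_field_len: int = MAX_FIELD_LEN) -> Optional[Finding]:
    """Return a Finding when a watched command carries an over-long argument."""
    if dst_port != TOPOLOGY_PORT or not payload:
        return None
    command, args = parse_request(payload)
    if command not in WATCHED_COMMANDS:
        return None
    longest = max((len(a) for a in args), default=0)
    if longest <= max_field_len:
        return None
    return Finding(command, longest, len(payload))


if __name__ == "__main__":
    # Constructed sample payloads (not captured traffic).
    samples = [
        b"ADDDEVICE&host1&10.0.0.5",
        b"DELETEDEVICE&" + b"A" * 300 + b"&x",
        b"OTHERCMD&" + b"A" * 300,
    ]
    for s in samples:
        print(s[:24], check_request(s, TOPOLOGY_PORT))
```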
Signature ID: 30194
NCTsoft NCTAudioFile2.AudioFile ActiveX Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0018
Bugtraq: 22196,23892
Signature Description: NCTsoft provides the ActiveX Control NCTAudioFile2.AudioFile which is present in
NCTAudioFile2.dll. Several applications support this ActiveX Control for audio file manipulation. A stack-based
buffer overflow vulnerability exists in NCTAudioFile2 due to improper bounds checking in the
SetFormatLikeSample() method. By convincing a user to visit a malicious Web page that passes an overly long string
to the SetFormatLikeSample() method, a remote attacker could overflow a buffer and execute arbitrary code on the
system or cause the user's browser to crash. Contact your product vendor for updates. As a workaround, disable the
NCTAudioFile2 ActiveX control in Internet Explorer.
Signature ID: 30199
Microsoft SQL Server Resolution Service Heap Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2002-0649
Bugtraq: 5310,5311
Signature Description: Microsoft SQL Server is a relational database management system (RDBMS) produced by
Microsoft. SQL Server 2000 and MSDE 2000 have the ability to install multiple copies (instances) of SQL Server on a
single machine and have it appear that these instances are completely separate database servers. The first instance by
default uses the standard SQL Server session port TCP/1433 and the other instances are allocated their own port
numbers dynamically. The SQL Server Resolution Service (SSRS), which operates on UDP port 1434, provides a way
for clients to query for the appropriate network endpoints to use for a particular SQL Server instance. The SSRS in
SQL Server 2000 and MSDE 2000 is vulnerable to a remotely exploitable heap overflow. When SQL Server receives a
packet on UDP port 1434 with the first byte set to 0x08 followed by an overly long string, followed by a colon
character (:) and a number, a heap-based buffer overflow occurs. By sending a specially-crafted request to UDP port
1434 with the first byte set to 0x08, a remote attacker could overflow a buffer and cause the SQL Server service to
crash or execute arbitrary code on the system with the same privileges as the SQL Server. Apply the patch for this
vulnerability, as listed in Microsoft Security Bulletin MS02-039.
Signature ID: 30300
VNC Client Long Reason String Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-1652, CVE-2001-0167
Bugtraq: 17378,2305
Signature Description: UltraVNC is an open source application for the Microsoft Windows operating system that uses