TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
multi-server environments from one common interface. Report Manager versions prior to 3.5 Update 4 are vulnerable to a
heap-based overflow. The specific flaw exists within both the scheduler client (clsscheduler.exe) listening on TCP port
7978 and the scheduler server (srvscheduler.exe) listening on TCP port 7977. By sending a specially crafted HTTP
POST or GET request containing an overly long filename, a remote attacker could overflow a buffer and execute
arbitrary code on the system with SYSTEM privileges. Upgrade to the latest version of Bakbone NetVault Report
Manager (3.5 Update 4 or later), available from the Bakbone NetVault Report Manager Web site.
Signature ID: 30305
Borland InterBase/Firebird Database Multiple Functions Stack Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3566 CVE-2007-5243 CVE-2007-5244 CVE-2007-5245 CVE-2007-5246 Bugtraq: 25048, 25917, 25925
Signature Description: InterBase is a relational database management system (RDBMS) currently developed and
marketed by CodeGear, a wholly-owned subsidiary of Borland Software Corporation. Firebird is a relational database
that runs on Linux, Windows, and a variety of Unix platforms. Borland InterBase LI 8.0.0.53 through 8.1.0.253 on
Linux and Firebird versions 2.0.0.12748 and 2.0.1.12855 on Linux and Windows are vulnerable to a stack-based overflow
caused by improper bounds checking in multiple functions. This rule triggers when a malicious 'Create' request is
found. By sending a specially crafted 'Create' request to TCP port 3050, a remote attacker could overflow a buffer and
execute arbitrary code on the system. Upgrade to the latest version of the software or install the updates provided by the
software vendor, which are available from the vendor's website. This signature detects the request opcode value (0x14)
followed by the long size value (if it is more than 1024 bytes).
Signature ID: 30306
LinkedIn IE Browser Toolbar ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3955 Bugtraq: 25032
Signature Description: LinkedIn is a business-oriented social networking site, mainly used for professional networking.
The LinkedIn Internet Explorer Toolbar is vulnerable to a buffer overflow, caused by improper bounds checking in the
Search function of the LinkedInIEToolbar.dll library (Version: 3.0.2.1098). By convincing a user to visit a malicious
webpage, a remote attacker could overflow the buffer and execute arbitrary code. No update had been issued by the vendor as
of August 2007. Set a killbit for this ActiveX Control to disable the toolbar.
Signature ID: 30307
Cerulean Studios Trillian IM aim: URI Handler ini Parameter File Corruption Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3833 CVE-2007-3832 Bugtraq: 24927
Signature Description: Trillian is a proprietary multiprotocol instant messaging application for Windows created by
Cerulean Studios that can connect to multiple IM services, such as AIM, ICQ, Windows Live Messenger, Yahoo!
Messenger, IRC, Novell GroupWise Messenger, Bonjour, Jabber, and Skype networks. The AOL Instant Messenger
(AIM) protocol handler in Cerulean Studios Trillian version 3.1.6.0 and prior allows a remote attacker to create
arbitrary files at any location on the system. The vulnerability is caused by improper validation of the 'ini' parameter
within an aim: URI. By convincing a victim to open a malicious aim: URI link, a remote attacker can exploit this
vulnerability and write arbitrary files to the victim's machine. Upgrade to version 3.1.7.0 or later.
Signature ID: 30308
Cerulean Studios Trillian IM aim:// URI Handler Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3832 Bugtraq: 24927
Signature Description: Trillian is a proprietary multiprotocol instant messaging application for Windows created by
Cerulean Studios that can connect to multiple IM services, such as AIM, ICQ, Windows Live Messenger, Yahoo!