TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
685
Motorola. Timbuktu Pro version 8.6.3.1367 and possibly prior versions are vulnerable to a directory traversal via
malicious 'Send' requests. When handling 'Send' requests, Timbuktu does not properly check for directory traversal
specifiers such as ../ thus allowing a remote attacker to write files outside the intended location. Deletion of files is also
possible by sending a file with same file name and tearing down the connection before transmission is complete. Since
the attacker can delete and create arbitrary files with SYSTEM privileges, they are able to write to important system
files such as libraries, or start up files that will result in arbitrary code execution. Upgrade to version 8.6.5 of Timbuktu
Pro for Windows.
Signature ID: 30313
Motorola Timbuktu Pro Exchange Request Directory Traversal Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4220 Bugtraq: 25453
Signature Description: Timbuktu is a remote control software product developed by Netopia currently acquired by
Motorola. Timbuktu Pro version 8.6.3.1367 and possibly prior versions are vulnerable to a directory traversal via
malicious 'Exchange' requests. When handling 'Exchange' requests, Timbuktu does not properly check for directory
traversal specifiers such as ../ thus allowing a remote attacker to write files outside the intended location. Deletion of
files is also possible by sending a file with same file name and tearing down the connection before transmission is
complete. Since the attacker can delete and create arbitrary files with SYSTEM privileges, they are able to write to
important system files such as libraries, or start up files that will result in arbitrary code execution. Upgrade to version
8.6.5 of Timbuktu Pro for Windows.
Signature ID: 30314
TCPDump print-bgp.c Remote Integer Underflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3798 Bugtraq: 24965
Signature Description: The tcpdump utility is a tool used to monitor network traffic. tcpdump is prone to an integer-
underflow vulnerability which leads to buffer overflow. The issue is caused by improper bounds checking before
copying user supplied input into an insufficiently sized memory buffer by the decode_labeled_vpn_l2 and snprintf
functions. By sending a specially-crafted BGP packet containing malicious TLVs, a remote attacker could overflow a
buffer and execute arbitrary code on the system or cause the application to crash. Upgrade to the latest version of
tcpdump CVS version 1.91.2.12 or later.
Signature ID: 30315
SquirrelMail G/PGP Plug-in deleteKey() Command Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1924 CVE-2007-3636 Bugtraq: 24828,24874
Signature Description: SquirrelMail G/PGP Plug-in is a general purpose encryption, decryption, and digital signature
plug-in for SquirrelMail that implements the OpenPGP standard using GPG. A command injection vulnerability exists
in the G/PGP Encrpytion Plugin for SquirrelMail webmail version 2.1 and prior. The vulnerability specifically exists
within the function deleteKey() defined in gpg_keyring.php. A remote authenticated attacker could exploit this
vulnerability using the fpr parameter submitted to one of the files import_key_file.php, import_key_text.php and
keyring_main.php. Successful exploitation allows remote attacker to execute arbitrary commands on the system with
the privileges of the Web server. Upgrade to latest version of G/PGP plug-in that is available from vendor's website.
Signature ID: 30316
SquirrelMail G/PGP Plug-in gpg_recv_key() Command Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1924 CVE-2007-3636 Bugtraq: 24828,24874
Signature Description: SquirrelMail G/PGP Plug-in is a general purpose encryption, decryption, and digital signature
plug-in for SquirrelMail that implements the OpenPGP standard using GPG. A command injection vulnerability exists