ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Signature ID: 30332
Hewlett-Packard OpenView Operations OVTrace Service Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3872 Bugtraq: 25255
Signature Description: HP OpenView Operations software is a suite of network management tools used to monitor
events on, and evaluate the performance of, hosts on the network. The Shared Trace Service (OVTrace) in HP OpenView
Operations provides a 'diagnostic tracing facility'. HP OpenView Operations is vulnerable to a stack-based buffer
overflow caused by improper bounds checking in the OVTrace service. Multiple vulnerabilities exist within the functions
responsible for handling requests. By sending specially crafted data through opcode handlers 0x1a and 0x0f, a remote
attacker could overflow a buffer and execute arbitrary code on the system with root or SYSTEM privileges. The OVTrace
service operates on port 5053 or 5051. This signature triggers when an attempt is made with more than 1024 characters
toward destination port 5051.
Signature ID: 30333
Hewlett-Packard OpenView Operations OVTrace Service Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-3872 Bugtraq: 25255
Signature Description: HP OpenView Operations software is a suite of network management tools used to monitor
events on, and evaluate the performance of, hosts on the network. The Shared Trace Service (OVTrace) in HP OpenView
Operations provides a 'diagnostic tracing facility'. HP OpenView Operations is vulnerable to a stack-based buffer
overflow caused by improper bounds checking in the OVTrace service. Multiple vulnerabilities exist within the functions
responsible for handling requests. By sending specially crafted data through opcode handlers 0x1a and 0x0f, a remote
attacker could overflow a buffer and execute arbitrary code on the system with root or SYSTEM privileges. OVTrace
operates on port 5051 or 5053. This signature triggers on a buffer overflow attempt toward destination port 5053 with
more than 256 characters.
Signature ID: 30334
Symantec Norton Products NAVCOMUI.DLL ActiveX Control Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-2955 Bugtraq: 24983
Signature Description: The NAVCOMUI.DLL library, installed by several Symantec Norton products, exports two
ActiveX controls that are vulnerable to code execution. The ActiveX controls AxSysListView32 and
AxSysListView32OAA in NavComUI.dll do not properly handle the VARIANT* argument provided for the
'AnomalyList' and 'Anomaly' properties respectively. By convincing a victim to visit a malicious web page containing
%u encoded exploit data, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable
system with the privileges of the victim, or cause a denial of service. Symantec has addressed this issue in SYM07-021,
and a patch is available through LiveUpdate.
Signature ID: 30335
Symantec Norton Products NAVCOMUI.DLL ActiveX Control Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-2955 Bugtraq: 24983
Signature Description: The NAVCOMUI.DLL library, installed by several Symantec Norton products, exports two
ActiveX controls that are vulnerable to code execution. The ActiveX controls AxSysListView32 and
AxSysListView32OAA in NavComUI.dll do not properly handle the VARIANT* argument provided for the
'AnomalyList' and 'Anomaly' properties respectively. By convincing a victim to visit a malicious web page containing
UTF-16 encoded data, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable