TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
724
Signature ID: 30465
SonicWALL NetExtender NELaunchCtrl ActiveX AddRouteEntry Method Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-5603 Bugtraq: 26288
Signature Description: SonicWall NetExtender is an SSL VPN client that is implemented by using an ActiveX control.
The NELaunchCtrl ActiveX control 2.5 before 2.5.0.56 (SSL-VPN 2000 and SSL-VPN 4000) and prior to 2.1.0.51
(SonicWALL SSL-VPN 200), which is provided by NELaunchX.dll, contains a stack buffer overflow in the
AddRouteEntry() method. By persuading a victim to visit a specially-crafted Web page that passes an overly long
second argument to the AddRouteEntry() method, a remote attacker could overflow a buffer and execute arbitrary code
on the system with the privileges of the victim or cause the victim's browser to crash. This vulnerability is addressed in
the client software provided by the 2.5 firmware for the SonicWall NetExtender 4000 and 2000 series VPN units and
2.1 firmware for the SonicWall NetExtender 200 series. This signature detects attacks using CLSID and
AddRouteEntry method.
Signature ID: 30466
SonicWALL NetExtender NELaunchCtrl ActiveX AddRouteEntry Method Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-5603 Bugtraq: 26288
Signature Description: SonicWall NetExtender is an SSL VPN client that is implemented by using an ActiveX control.
The NELaunchCtrl ActiveX control 2.5 before 2.5.0.56 (SSL-VPN 2000 and SSL-VPN 4000) and prior to 2.1.0.51
(SonicWALL SSL-VPN 200), which is provided by NELaunchX.dll, contains a stack buffer overflow in the
AddRouteEntry() method. By persuading a victim to visit a specially-crafted Web page that passes an overly long
second argument to the AddRouteEntry() method, a remote attacker could overflow a buffer and execute arbitrary code
on the system with the privileges of the victim or cause the victim's browser to crash. This vulnerability is addressed in
the client software provided by the 2.5 firmware for the SonicWall NetExtender 4000 and 2000 series VPN units and
2.1 firmware for the SonicWall NetExtender 200 series. This signature detects attacks using CLSID in UTF encoding.
Signature ID: 30468
Borland InterBase/Firebird Database Multiple Functions Stack Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3566
CVE-2007-5243 CVE-2007-5244 CVE-2007-5245 CVE-2007-5246 Bugtraq:
25048,25917,25925
Signature Description: InterBase is a relational database management system (RDBMS) currently developed and
marketed by CodeGear, a wholly-owned subsidiary of Borland Software Corporation. Firebird is a relational database
that runs on Linux, Windows, and a variety of Unix platforms. Borland InterBase LI 8.0.0.53 through 8.1.0.253 on
Linux and Firebird Versions 2.0.0.12748, 2.0.1.12855 on Linux and Windows are vulnerable to stack-based overflow
caused by improper bounds checking in multiple functions. This rule triggers when a large Attach request is found. By
sending a specially-crafted 'Attach' request to TCP port 3050, a remote attacker could overflow a buffer and execute
arbitrary code on the system. Upgrade to latest version of the software or install the updates provided by the software
vendor which are available from vendor's website.
Signature ID: 30469
Borland InterBase/Firebird Database Multiple Functions Stack Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3566
CVE-2007-5243 CVE-2007-5244 CVE-2007-5245 CVE-2007-5246 Bugtraq:
25048,25917,25925
Signature Description: InterBase is a relational database management system (RDBMS) currently developed and