ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94

resuming broken uploads and downloads. Multiple input validation vulnerabilities in acFTP have been reported, which
can be exploited by remote users to trigger denial of service conditions. The vulnerabilities are caused by input
validation errors when handling arguments passed to the REST and PBSZ commands. This can be exploited to crash
the service by passing a specially crafted string as an argument to either of the affected commands. Successful exploitation
using the REST command requires a valid user account.
Signature ID: 32712
HTTP MS IE chtskdic.dll Remote Code Execution
Threat Level: Severe
Signature Description: Microsoft Internet Explorer is prone to an arbitrary code-execution vulnerability because the
application fails to load a DLL library when instantiated as an ActiveX control. This issue is caused by a memory
corruption error when instantiating the "chtskdic.dll" COM object as an ActiveX control, which could be exploited by
remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
Signature ID: 32713
DOS Infinite Array Sort
Threat Level: Severe
Signature Description: Microsoft Internet Explorer is prone to a vulnerability that may result in a browser crash. This issue is
exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result
in a denial of service and is not further exploitable to execute arbitrary code, though this has not been
confirmed. Multiple vendor Web browsers, including Microsoft Internet Explorer, Safari, Mozilla, Camino, Firefox,
Netscape and Opera, are vulnerable to a denial of service attack. A remote attacker could create a specially crafted Web
page that contains a nested array, which would cause the victim's Web browser to crash once the Web page is
visited. An attacker could exploit this vulnerability by hosting the malicious Web page on a Web site or by sending it to
a victim as an HTML email.
Signature ID: 32714
Backdoor Beast 2.06
Threat Level: Critical
Signature Description: Beast is a backdoor Trojan affecting Microsoft Windows operating systems. Beast uses a
client/server relationship, where the server component is installed in the victim's system and the remote attacker has
control of the client. The server attempts to open port 6666 to allow the client system to connect. Beast can disable
personal firewalls and antivirus software. Beast contains a key logger option that captures passwords, if the key logger
is enabled. Beast could allow a remote attacker to gain unauthorized access to the system. A hacker utility, back door, or
Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc.
Signature ID: 32715
Novell Groupwise WebAccess GWINTER.EXE Overflow POC_2
Threat Level: Severe
Signature Description: This rule hits when a large value is passed as the argument to the Authorization field and traffic is
flowing towards destination port 7211. Novell GroupWise WebAccess is vulnerable to a stack-based buffer
overflow in the base64_decode function, caused by improper handling of an HTTP Basic authentication request by
GWINTER.exe in Novell GroupWise (GW) WebAccess. By sending at least 336 bytes of data content in an HTTP
Basic Authentication request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Signature ID: 32716
HTTP IIS Index ASP Source Disclosure
Threat Level: Severe
Signature Description: Microsoft Internet Information Server (IIS) 5.0, which ships with Windows 2000, could reveal