ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
very insecure style. The attacker can execute arbitrary code on the delegate server through the delegate port(s), or
through malicious servers which a user accesses using the delegate proxy. This code will run as the user ID of the
'delegated' process. Unchecked buffers could be exploited to remotely compromise the server, e.g. whois://a b 1
AAAA..AAAAA. This problem may allow an attacker to gain a shell on this computer and to mount a local
attack to further upgrade the access privileges.
Signature ID: 429
IIS FrontPage fp30reg.dll Chunked Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0341 CVE-2003-0822 Bugtraq: 2906,9007 Nessus: 10699
Signature Description: Microsoft FrontPage is an HTML editor and web site administration tool from Microsoft for
Windows. FrontPage Server Extensions allow Microsoft FrontPage clients to communicate with web servers and
provide additional functionality intended for websites. Microsoft FrontPage Server Extensions (FPSE) for Windows
NT and Windows 2000 is vulnerable to a buffer overflow in the Visual Studio RAD (Remote Application Deployment)
Support sub-component. FrontPage Server Extensions are used in Microsoft Internet Information Server (IIS) versions
4.0 and 5.0. When the DLL fp30reg.dll in FPSE receives a URL request that is longer than 258 bytes and the
Transfer-Encoding header contains chunked data, a stack-based buffer overflow occurs. An attacker could exploit this
vulnerability to execute arbitrary code on the system and possibly gain complete control over the affected Web server.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS03-051.
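The three conditions in the description of Signature ID 429 can be checked against a raw HTTP request as in the following added example, which is not the TMS zl module's own signature logic and is not taken from this guide. The function names, host name, `/example/` path and sample requests are constructed for illustration; only the 258-byte threshold, the DLL name and the chunked Transfer-Encoding condition come from the description above.

```python
from urllib.parse import unquote

URL_LIMIT = 258         # bytes; threshold stated in the signature description
TARGET = "fp30reg.dll"  # DLL named in the signature description

def parse_request(raw: bytes):
    """Split a raw HTTP request into (request target, lower-cased headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            # Join repeated headers into one comma-separated value.
            headers[key] = ", ".join(filter(None, [headers.get(key), value.strip()]))
    return parts[1], headers

def matches_sig_429(raw: bytes) -> bool:
    """True when a request meets all three conditions in the description."""
    try:
        target, headers = parse_request(raw)
    except ValueError:
        return False
    # Decode percent-escapes and fold case before matching the file name,
    # so "FP30REG%2Edll" is treated the same as "fp30reg.dll".
    path = unquote(target.split("?", 1)[0]).lower()
    hits_dll = TARGET in path.split("/")
    long_url = len(target.encode("latin-1")) > URL_LIMIT
    codings = [c.strip().lower()
               for c in headers.get("transfer-encoding", "").split(",")]
    return hits_dll and long_url and "chunked" in codings

def sample(target: str, te: str = "Transfer-Encoding: chunked") -> bytes:
    """Build a constructed request; host and path are placeholders."""
    return f"POST {target} HTTP/1.1\r\nHost: www.example.test\r\n{te}\r\n\r\n".encode("latin-1")

PAD = "x" * 300  # harmless filler that pushes the URL past 258 bytes

if __name__ == "__main__":
    for t, te in [("/example/fp30reg.dll?" + PAD, "Transfer-Encoding: chunked"),
                  ("/example/FP30REG%2Edll?" + PAD, "transfer-encoding: gzip, Chunked"),
                  ("/example/fp30reg.dll?" + PAD, "Content-Length: 0"),
                  ("/example/fp30reg.dll", "Transfer-Encoding: chunked")]:
        print(matches_sig_429(sample(t, te)), t[:28], "|", te)
```

Normalizing the path and header before matching matters here: a check that compares the literal string `fp30reg.dll` or the exact header spelling would miss the second sample.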
Signature ID: 431
Microsoft Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2001-0500 Bugtraq: 2880 Nessus: 10685,10695,10713
Signature Description: Microsoft Internet Information Services (IIS) is a web server application for the Windows platform.
A remotely exploitable buffer overflow vulnerability exists in the ISAPI (Indexing Service Application Programming
Interface) extension (IDQ.DLL) installed with most versions of IIS 4.0 and 5.0. As part of the installation process, IIS
installs IDQ.DLL even though it is a component of Index Server (known in Windows 2000 as Indexing Service) and
provides support for administrative scripts (.ida files) and Internet Data Queries (.idq files). The vulnerability results
because idq.dll contains an unchecked buffer in a section of code that handles input URLs. The buffer overrun occurs
before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing
Service, the service would not need to be running in order for an attacker to exploit the vulnerability. Remote attackers
can exploit this vulnerability to gain complete control of an affected server by sending a specially crafted request for
.ida or .idq files. Successful exploitation results in execution of arbitrary code on the victim machine with SYSTEM
privileges. "Code Red" and "Code Red II" worms actively exploited this vulnerability.
Signature ID: 432
Oracle Application Server Shared Library Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0419 Bugtraq: 2569 Nessus: 10654
Signature Description: An exploitable buffer overflow exists in a shared library that is shipped with Oracle
Application Server 4.0.8.2 and used by iPlanet Web Server if it is configured as an external web-listener. The overflow
happens when a long string is requested with a prefix that has been 'linked' to OAS (by default it is /jsp/), which is then
passed to the library routines to be processed. The buffer size is around 2050-60 bytes.
Signature ID: 433
OpenLink 3.2 Web Config Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0943 Nessus: 10169