TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
persuading a victim to visit a specially-crafted web page having UTF-16 encoded data. Set the kill bit for the CLSID
corresponding to the ProgID ACTIVEVOICEPROJECTLib.DirectSS to resolve this issue.
Signature ID: 34356
SUN-RPC CA BrightStor ARCserve RPC Request Buffer Overflow exploit
Threat Level: Severe
Industry ID: CVE-2007-2139
Bugtraq: 23635
Signature Description: Computer Associates BrightStor ARCserve Media Server is vulnerable to multiple stack-based
buffer overflows, caused by improper parsing by the SUN RPC service. By sending specially-crafted RPC strings, a
remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the
application to crash.
Signature ID: 34371
Novell iPrint Client ienipp.ocx ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0935
Bugtraq: 27939
Signature Description: Novell iPrint is a printing technology from Novell that allows users to submit print jobs from
web browsers to remote printers using the Internet Printing Protocol (IPP). It provides global access to printers,
customizable views of any print environment, flexible print deployment configurations and secure printing. Novell
iPrint Client versions 4.26 and 4.32 and prior versions are vulnerable to a buffer overflow attack. The issue occurs when
processing overly long arguments passed to the ExecuteRequest() method. By persuading the victim to visit a
specially-crafted Web page, a remote attacker could overflow a buffer and execute arbitrary code on the system. Upgrade to the
latest version of iPrint Client (version 4.34 or later) available from the vendor site. Alternatively, the user can set the kill bit to
disable ActiveX for CLSID 36723f97-7aa0-11d4-8919-ff2d71d0d32c.
Signature ID: 34377
Downloading files from keepmyfile.com
Threat Level: Warning
Signature Description: Keepmyfile.com is used for free image hosting and file hosting on the internet. Users can
share and download images, screenshots, Word documents, sound files, etc. using this service. No registration is
required for the primary service. If a file is not accessed over a period of 40 days, it will eventually be deleted.
This rule generates an alert message when a user tries to download and save files from the keepmyfile.com website.
Administrators are advised to change the action mapping of the signature to utilize the bandwidth efficiently.
Signature ID: 34382
CA BrightStor ARCserve Backup Multiple Vulnerabilities
Threat Level: Warning
Industry ID: CVE-2007-5325 CVE-2007-5326 CVE-2007-5327 CVE-2007-5328 CVE-2007-5329 CVE-2007-5330 CVE-2007-5331 CVE-2007-5332
Bugtraq: 26015, 24680, 24017
Signature Description: Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker
to cause a denial of service, execute arbitrary code, or take privileged action. The first set of vulnerabilities,
CVE-2007-5325, CVE-2007-5326, and CVE-2007-5327, occurs due to insufficient bounds checking by multiple components. The
second vulnerability, CVE-2007-5328, occurs due to privileged functions being available for use without proper
authorization. The third set of vulnerabilities, CVE-2007-5329, CVE-2007-5330, CVE-2007-5331, and
CVE-2007-5332, is due to memory corruption occurring during the processing of RPC procedure arguments by multiple services.
The vulnerabilities allow an attacker to cause a denial of service, or potentially to execute arbitrary code.