TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 34384
Subversion Date Parsing Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0397 CVE-2004-0413 Bugtraq: 10386
Signature Description: Subversion is a version control project for all Linux and Unix-based operating systems.
Subversion versions 1.0.2 and prior are vulnerable to a stack-based buffer overflow. By sending a specially crafted
DAV2 REPORT query or get-dated-rev svn-protocol command to TCP port 3690, a remote attacker can cause a buffer
overflow. A remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of
the victim. Both client and server are vulnerable. The server is vulnerable over both httpd/DAV and svnserve (that is,
over http://, https://, svn://, svn+ssh:// and other tunneled svn+*:// methods). There are no workarounds except to
disallow public access. Update to version 1.0.3. Exploit attempts against this vulnerability are detected using a combination
of two signatures. This is the second signature and generates a log message.
Signature ID: 34385
Squid Web Proxy Cache NTLM Authentication Helper Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0541 Bugtraq: 10500
Signature Description: Squid is a fully featured Web Proxy Cache designed to run on Unix systems. It supports
proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching,
access control lists and many other features. Squid Web Proxy Cache supports Basic, Digest and NTLM authentication.
Squid Web Proxy Cache 2.5 is vulnerable to this buffer overflow attack. The vulnerability exists within the NTLM
authentication helper routine, the ntlm_check_auth() function. Due to a lack of bounds checking on the values copied
to the pass variable, an attacker can overflow the buffer and execute arbitrary code by sending an overly long password
for authentication. A patch for this issue is available; alternatively, recompile Squid-Proxy with NTLM handlers disabled.
Signature ID: 34386
FreeBSD nfsd NFS Mount Request Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-0900 Bugtraq: 16838
Signature Description: FreeBSD is a Unix-like free operating system descended from AT&T UNIX via the Berkeley
Software Distribution (BSD) branch through the 386BSD and 4.4BSD operating systems. It runs on Intel x86 family
(IA-32) PC compatible computers, DEC Alpha, Sun UltraSPARC, IA-64, AMD64 etc. It works like UNIX, with
UNIX-compliant internals and system APIs. FreeBSD version 6.0 and prior are vulnerable to this denial-of-service
attack. This vulnerability is caused by a NULL pointer dereference error within the handling of NFS mount
requests. This can be exploited to cause a kernel panic via a request with a zero-length payload sent to the "nfsd"
daemon on port 2049/tcp. The NULL pointer dereference allows a remote attacker capable of sending RPC messages to
an affected FreeBSD system to crash the FreeBSD system. Upgrade to the latest patch for FreeBSD, available from the
FreeBSD Web site. Please see the references for further details.
Signature ID: 34387
Asterisk SIP T.38 SDP Parsing Remote Stack Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-2293 Bugtraq: 23648
Signature Description: Asterisk is the leading open source telephony engine and tool kit. It allows a number of attached
telephones to make calls to one another, and to connect to other telephone services including the public switched
telephone network (PSTN). It runs on Linux, NetBSD, OpenBSD, FreeBSD, Mac OS X, and Solaris. Asterisk
1.4.2 and prior are vulnerable to this denial-of-service attack. By sending a specially crafted SIP packet with an
overly long SDP parameter "T38FaxRateManagement" within the "process_sdp()" function in chan_sip.c, a user can