TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
793
resulting in a buffer overflow. A remote attacker can cause arbitrary code execution resulting in a loss of integrity.
Upgrade the patch provided by oracle Corporation.
Signature ID: 34394
Samba NDR Parsing MS-RPC Request Handling Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-2446 Bugtraq: 25159,23973,24195,24196,24197,24198
Signature Description: Samba is a free software re-implementation of SMB/CIFS networking protocol. Samba 3.0.0
through 3.0.25rc3 is vulnerable to heap based overflow.This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Samba. The specific flaw exists in the parsing of RPC requests to any one of 1: LSA RPC
interface. 2: DFS RPC interface. 3: POOLSS RPC interface. 4: SRVSVC RPC interface. By specifying invalid values,
heap blocks can be overwritten leading to remote code execution without user interaction. This event generate for 445
TCP port.
Signature ID: 34395
Samba NDR Parsing MS-RPC Request Handling Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-2446 Bugtraq: 25159,23973,24195,24196,24197,24198
Signature Description: Samba is a free software re-implementation of SMB/CIFS networking protocol. Samba 3.0.0
through 3.0.25rc3 is vulnerable to heap based overflow.This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Samba. The specific flaw exists in the parsing of RPC requests to any one of 1: LSA RPC
interface. 2: DFS RPC interface. 3: POOLSS RPC interface. 4: SRVSVC RPC interface. By specifying invalid values,
heap blocks can be overwritten leading to remote code execution without user interaction. This event generate for 139
TCP port.
Signature ID: 34396
Microsoft Distributed Transaction Coordinator Heap Overflow
Threat Level: Information
Industry ID: CVE-2006-0034 Bugtraq: 17906
Signature Description: RPC (Remote Procedure Call) provides an inter-process communication mechanism that allows
a program running on one computer to seamlessly access services on another computer. RPC services listen on UDP
ports 135, 137, 138, 445 and TCP ports 135, 139, 445, 593. Additionally, they can listen on ports 80 and 443 if CIS or
RPC over HTTP is enabled. SDTCPRX.DLL functions as an RPC server inside the MSDTC.EXE process, with a
dynamic TCP port as its RPC endpoint and {906B0CE0-C70B-1067-B317-00DD010662DA} v1.0 as the sole interface
it provides. The function CRpcIoManagerServer::BuildContext, as called from BuildContextW (opnum 7) on Windows
2000 and Windows XP, and BuildContext (opnum 1) on Windows NT 4.0, contains a heap overflow vulnerability due
to a lack of input validation. Specifically, it attempts to overwrite its "pszGuidOut" argument, which corresponds to the
fifth string argument passed into BuildContext / BuildContextW, with a null GUID string. Because the length of the
destination string is not checked prior to the string copy, the heap block containing the RPC stub data can be
overflowed, potentially corrupting the adjacent heap block. The vulnerable copy operation is an intrinsic
"strcpy(arg_10,pszNULL_GUID)" on NT 4.0, and a "wcscpy(arg_28, pwszNULL_GUID)" call on Windows 2000.
With a carefully engineered overwrite, an attacker would be able to take any action on the system, including installing
programs, viewing, changing or deleting data, or creating new accounts with full privileges.
Signature ID: 34397
Mozilla Network Security Services Library Remote Heap Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0826 Bugtraq: 11015
Signature Description: Network Security Services (NSS) is a set of libraries designed to support cross-platform
development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and