TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
SSL provides communication security between two hosts: integrity, authentication and confidentiality. It is
used most commonly in web browsers, but can be used with any protocol that uses TCP as the transport layer. NSS is
vulnerable to a heap-based buffer overflow due to a parsing error in the SSLv2 packet during the client hello message.
The overflow occurs when an SSL message is sent with padding bits. Refer to Sun Alert ID 57632 and HP
advisory HPSBUX01070 for fix information.
Signature ID: 34398
McAfee ePolicy Orchestrator Framework Services Log Handling Format String Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-1357
Bugtraq: 28228
Signature Description: McAfee ePolicy Orchestrator (ePO) delivers real-time information and application integration
for network, desktop, and server security. McAfee ePolicy Orchestrator version 3.6.0.569 is vulnerable to a
denial-of-service attack. The vulnerability is caused by a format string error within the McAfee Framework Service
(FrameworkService.exe). By sending specially crafted packets containing format string specifiers to the default port
8082/UDP, a user can overflow a buffer. The vulnerability exists on all versions of CMA for Windows where the user has
changed the debug level from the default of 7 to its highest level of 8. The exploit triggers when the datasize of
Agentwakeup exceeds a particular limit. The vendor has issued patches for this issue; keeping the debug level at the
default of 7 or lower also avoids this DoS attack.
Signature ID: 34399
SAP MaxDB Remote Arbitrary Commands Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0244 Bugtraq: 27206
Signature Description: SAP MaxDB is the database management system developed and supported by SAP AG. SAP
MaxDB is available on Microsoft Windows, Linux and Unix, and for the most prominent hardware platforms. It is able
to run terabyte-range data in continuous operation. SAP MaxDB 7.6.03 build 007 and prior are vulnerable to remote
code execution. The MaxDB server executes "cons.exe DATABASE COMMAND" through system() when some
special commands are called by the user. Because system() is used to execute the cons program, an external
unauthenticated attacker can execute any command on the target SAP MaxDB server simply by passing
"&&" or other patterns for the execution of multiple commands in the shell. No patch details are available yet to
resolve this issue. This signature detects attack traffic containing the show, exec_sdbinfo, dbm_getpath, db_create and
hss_execute commands.
Signature ID: 34415
Yahoo Music Jukebox datagrid.dll ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0623 Bugtraq: 27579
Signature Description: Yahoo Jukebox is Yahoo's popular music player for Microsoft Windows. Part of its functionality is
provided by ActiveX controls (datagrid.dll). The Yahoo Jukebox ActiveX control (Yahoo! Music Jukebox 2.2.2.058) is
vulnerable to a buffer overflow via the addbutton method. A malicious web page that instantiates the control could trigger
the vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Alternatively, the
user can set the kill bit for ActiveX control CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C.
Signature ID: 34446
Novell NetMail IMAP Authenticate Buffer Overflow Vulnerability
Threat Level: Severe
Bugtraq: 27567
Signature Description: Novell NetMail is designed to deliver scalable messaging and calendaring services, using