TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

791

792

793

794

795

796

797

798

799

800

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

795

Internet-standard protocols(e.g IMAP, iCalendar, POP, SMTP), across a large enterprise, or to a large group of users

who are not particularly associated. Novell Netmail, version <=3.52d, is a stack-based buffer overflow vulnerability.

The issue is triggered when an attacker sending overly long string in a 'AUTHENTICATE GSSAPI' Command to the

IMAP service. The successful exploitation may allow an attacker to overflow a buffer and execute arbitrary code on the

system.

Signature ID: 34450

HP-UX FTP Server Preauthentication Directory Listing Vulnerability

Threat Level: Warning

Industry ID: CVE-2005-3296

Bugtraq: 15138

Signature Description: HP-UX is a Unix-based operating system for the HP(Hewlett-Packard) 9000 series of business

servers. The FTP server included with HP-UX is prone to a vulnerability that may be leveraged by unauthenticated

attackers to obtain directory listings. The signature detects when an attacker sending specially crafted data to list

directories. The successful exploitation may allow an attacker to disclose the sensitive information. The affected

version of HP-UX are 10.20, B.11.00, and B.11.11. The issue is fixed in the version of HP-UX B.11.04. The

administrators are advised to update the latest version of HP-UX B.11.04 or later for resolve the issue.

Signature ID: 34451

EMC Legato NetWorker Remote Exec Service Buffer Overflow Vulnerability

Threat Level: Severe

Industry ID: CVE-2007-3618 Bugtraq: 25375

Signature Description: EMC Legato Networker is a centralized data protection system available for multiple

<br>operating platforms. EMC Legato Networker is EMC Legato Networker version 7.0.0-7.3.2) is<br>vulnerable to

stack based buffer overflow. By sending an overly long invalid to a poll or kill request will cause a buffer overflow

during a subsequent 'sprintf() call and improper handling of malformed RPC requests to RPC program number 390113

on TCP port 111 for service #0x5f3e1, version 1. A remote attacker could overflow a buffer and execute arbitrary code

on the system or cause the application to crash.

Signature ID: 34452

Microsoft Windows Client Service for Netware Vulnerabilities

Threat Level: Warning

Industry ID: CVE-2006-4688

Bugtraq: 21023

Signature Description: Client Service for Netware (CSNW) is used with NT Workstation and Win 95 it allow direct

connections to file and print resources on Netware Servers and It supports both Bindery and NDS. Microsoft Client

Service for Netware (CSNW) is vulnerable to a buffer overflow. By sending a specially-crafted message to the CSNW

service on an affected system, a remote attacker could overflow a buffer and execute arbitrary code on the system and

stop the responding message.

Signature ID: 34453

Microsoft WebDAV XML Message Handler Denial of Service

Threat Level: Severe

Industry ID: CVE-2003-0718 Bugtraq: 11384

Signature Description: WebDAV(Web-based Distributed Authoring and Versioning) is an extension to the Hypertext

Transfer Protocol(HTTP) that allows users to collaboratively edit and manage files on remote world wide web servers.

WebDAV Microsoft Internet Information Services (Microsoft Internet Information Services 5.0,5.1 and 6.0) allows

remote attacker to cause denial of service via sending a POPFIND request with an XML message containing XML

elements with a large number of attributes.