TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
servers. IBM Tivoli Storage Manager (IBM, Tivoli Storage Manager prior to 5.2.9 and prior to 5.3.4) is vulnerable to
a buffer overflow. The initial sign-on request contains a field that specifies the language (dscenu.txt); the
language string is no longer than 100 bytes. If the first byte of the language string is 0x18, a fixed-size buffer will be
overrun. Via TCP port 1500, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Signature ID: 34476
Computer Associates BrightStor ARCserve Backup Tape Engine RPC GetGroupStatus Buffer Overflow
Threat Level: Severe
Industry ID: CVE-2006-6917 Bugtraq: 22006
Signature Description: Computer Associates BrightStor ARCserve Backup is a backup and data retention tool that
integrates with other BrightStor data availability and BrightStor Storage Management solutions. tapeeng.dll and
tapeutil.dll are used by the Tape Engine RPC. CA BrightStor ARCserve (CA BrightStor ARCServe R11.5) is vulnerable to
a buffer overflow. By sending a specially crafted packet to the service on TCP port 6502, a remote attacker could
overflow a buffer and execute arbitrary code on the system. Exploit attempts against this vulnerability are detected
using a combination of two signatures; this is the second signature, and it generates a log message.
Signature ID: 34477
Sun Directory Server LDAP Denial of Service
Threat Level: Information
Industry ID: CVE-2006-0647 Bugtraq: 16550
Signature Description: Lightweight Directory Access Protocol (LDAP) is a protocol for accessing network-based
directories. Sun Directory Server LDAP (Sun, Java System Directory Server 5.2) is vulnerable to denial of service via
LDAP messages with too many DN (Distinguished Name) elements. Every entry in the directory has a distinguished
name. The DN is the name that uniquely identifies an entry in the directory. A DN is made up of attribute=value pairs,
separated by commas (such as dc=example,dc=com). An attacker could construct an LDAP request that contains a large
number of DN elements (such as dc>40,000 bytes) separated by commas, which allows remote attackers to crash the
application, causing a denial of service.
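A defensive check for the condition this signature describes, as an added example that is not part of the original guide or of the vendor's code: it bounds a DN's byte length and element count in a single pass before the string reaches a full parser. The limits `MAX_DN_BYTES` and `MAX_RDNS` and all function names are assumptions chosen for illustration.

```python
# Added example: bound the size and element count of a DN before full parsing.
# MAX_DN_BYTES and MAX_RDNS are assumed limits, not values from the guide.
MAX_DN_BYTES = 4096
MAX_RDNS = 64


class DNLimitExceeded(ValueError):
    """Raised when a DN is larger than the configured bounds."""


def count_rdns(dn: str, limit: int = MAX_RDNS) -> int:
    """Count comma-separated DN elements in one pass, stopping at `limit`.

    A backslash escapes the next character (RFC 4514), so "\\," inside a
    value is data, not a separator. Double-quoted values (the older
    RFC 2253 form) are also treated as opaque.
    """
    if dn == "":
        return 0
    count, escaped, quoted = 1, False, False
    for ch in dn:
        if escaped:
            escaped = False          # this character was escaped: plain data
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            count += 1
            if count > limit:        # stop early; never walk a huge DN fully
                raise DNLimitExceeded(f"more than {limit} DN elements")
    return count


def check_dn(dn: str) -> int:
    """Reject an oversized DN cheaply, then return its element count."""
    if len(dn.encode("utf-8")) > MAX_DN_BYTES:
        raise DNLimitExceeded(f"DN longer than {MAX_DN_BYTES} bytes")
    return count_rdns(dn)


def is_acceptable(dn: str) -> bool:
    """True when the DN is within both bounds."""
    try:
        check_dn(dn)
        return True
    except DNLimitExceeded:
        return False
```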
Signature ID: 34480
Microsoft Distributed Transaction Controller TIP Denial of Service
Threat Level: Warning
Industry ID: CVE-2005-1979 Bugtraq: 15058
Signature Description: The Distributed Transaction Controller (DTC) provides a method for disparate processes to
complete atomic transactions. The Distributed Transaction Controller is vulnerable to a denial of service. The
vulnerability specifically exists because of functionality in the TIP protocol (the Transaction Internet Protocol
(TIP) is one of the ways that the DTC service can be accessed) that allows a remote IP address and port number to be
specified for a connection. The DoS can be triggered by sending a command sequence that causes the DTC service to
connect back to a hostile server. If the hostile server sends an unexpected protocol command during the reconnection
request, the DTC service on TCP port 3372 will throw an exception and exit. (For example, the DTC service can be made
to connect to an arbitrary host and process commands such as the IDENTIFY command, which identifies the host and port
number, and the PUSH command, which can push some text. If the connection fails, the transaction can be aborted. The
primary can then send an ABORT, COMMIT, or PREPARE command.) Exploit attempts against this vulnerability are detected
using a combination of three signatures; this is the third signature, and it generates a log message.
Signature ID: 34481
McAfee WebShield SMTP Bounce Message Format String Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-0559 Bugtraq: 16742