ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: McAfee WebShield SMTP is an anti-virus protection and content-blocking software solution for
the internet gateway. It can scan SMTP traffic without disrupting other systems such as firewalls or mail servers.
McAfee WebShield SMTP acts as an SMTP server. McAfee WebShield SMTP (McAfee, WebShield SMTP 4.5
MR1a) has a format string vulnerability in the destination e-mail address. If a message contains an invalid
destination e-mail address (such as %s, %n, etc.) that does not follow the SMTP specifications, the SMTP service
terminates, causing a denial of service.
Signature ID: 34482
IBM Tivoli Directory Server LDAP Buffer Overflow
Threat Level: Warning
Industry ID: CVE-2006-0717
Bugtraq: 16593
Signature Description: LDAP (Lightweight Directory Access Protocol) is an Internet protocol that e-mail and other
programs use to look up information from a server. The Lightweight Directory Access Protocol implementation in IBM
Tivoli Directory Server (IBM, Tivoli Directory Server 6.0) is vulnerable to a denial of service. When a specially
crafted bind request with a large string is sent to the LDAP server on port 389, a NULL pointer dereference occurs,
and a remote attacker could cause a denial of service or a crash of the process.
Signature ID: 34485
MIT Kerberos V5 krb5_recvauth Double Free Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1689
Bugtraq: 14239
Signature Description: MIT Kerberos is a network-authentication protocol designed to provide strong authentication
for client/server applications by using secret-key cryptography. It is available for Microsoft Windows, Unix, and Linux
operating systems. MIT Kerberos 5 (MIT, Kerberos 5-1.4.1 and prior) contains a double-free vulnerability. The issue
exists in the recvauth_common() helper function, reachable on TCP port 543. The issue occurs when the software checks
the 'sendauth' version and the 'application' version string comparison fails; an attacker could then send a bad
sendauth version.
Signature ID: 34486
Multiple Vendor AV Gateway Virus Detection Bypass
Threat Level: Warning
Industry ID: CVE-2005-0218
Bugtraq: 12269
Signature Description: Multiple vendor anti-virus gateway products are reported prone to a security weakness that
could lead to a false sense of security. Malicious files that are base64-encoded and embedded in an HTML file are
not reported, because the affected anti-virus gateways do not decode base64-encoded images that are contained in
'data' URIs (data is a new URI scheme that allows inclusion of small data items as "immediate" data, as if they
had been included externally). A remote attacker may exploit this weakness to obfuscate malicious files or images. The
affected version is Clam Anti-Virus ClamAV 0.80 and earlier.
Signature ID: 34488
Computer Associates BrightStor ARCserve Backup Tape Engine RPC Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0168
Bugtraq: 22010
Signature Description: Computer Associates BrightStor ARCserve Backup products provide backup and restore
protection for Windows, NetWare, Linux, and Unix servers as well as Windows, Mac OS X, Linux, Unix, and VMS
clients. CA BrightStor ARCserve Backup is prone to remote code execution caused by a vulnerability in the handler
function for RPC opnum "0xBF" in the Tape Engine service. By sending specially crafted packets to the RPC interface
on a vulnerable system on TCP port 6502, a remote attacker could exploit this vulnerability to execute arbitrary code on