TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

801

802

803

804

805

806

807

808

809

810

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

802

the system.Exploit attempts of this vulnerability are detected using a combination of two signatures. This is the second

signature and generate a log message.

Signature ID: 34489

Oracle Database DBMS_SNAP_INTERNAL Package Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-2007-2170

Bugtraq: 23532

Signature Description: Oracle Database consists of a collection of data managed by an Oracle database management

system. Oracle Database is vulnerable to a buffer overflow. Oracle Database Server provides the

DBMS_SNAP_INTERNAL package that contains procedures used internally by oracle. Some procedures of this

package have the parameters SNAP_OWNER and SNAP_NAME. These parameters are vulnerable to buffer overflow

and exploited to Denial of service.

Signature ID: 34490

MIT Kerberos kadmind RPC Library Uninitialized Pointer Code Execution

Threat Level: Warning

Industry ID: CVE-2007-2442 Bugtraq: 24655

Signature Description: Kerberos is a network-authentication protocol. It is designed to provide strong authentication

for client/server applications by using secret-key cryptography. The MIT Krb5 Kerberos (MIT, Kerberos 5-1.4 through

5-1.6.2) administration daemon is vulnerable to a uninitialized pointer free vulnerability in the gssrpc_svcauth_gssapi

function. By sending a specially-crafted zero-length RPC credential request, a remote attacker could execute arbitrary

code on the system.

Signature ID: 34491

Sun Microsystems Java System Web Proxy sockd Daemon Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-2007-2881 Bugtraq: 24165

Signature Description: Socks is a network protocol that provides a framework that allows client-server applications to

securely use network firewall services. Sun Java System Web Proxy Sever (Sun Java System Web Proxy Server 4.0.4

and prior) is vulnerable to multiple stack-based buffer overflow. By sending specially-crafted packets to the SOCKS

server on TCP port 1080, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause

the server to crash.

Signature ID: 34493

CA BrightStor ARCserve Backup Tape Engine RPC Procedure Memory Corruption

Threat Level: Warning

Industry ID: CVE-2007-1447 Bugtraq: 22994

Signature Description: Computer Associates Brightstor ARCserve Backup products provide backup and restore

protection for windows, Netware, Linux, Unix server as well as Windows, Mac OS X, Linux, Unix, As/400, and VMS

clients. Computer Associates Brightstor ARCserve Backup (version 11.5 and earlier) are vulnerable to denial of

service. By sending a specially-crafted RPC request arguments within the Tape Engine service can be exploited to

cause a memory corruption, a remote attacker could execute arbitrary code on the system. This rule is a track state rule

and sets the track "state dce.rpc" when the conditions are satified as specified in the rule string. This rule hits for the

attack pattern towards the destination port 6502 found and the "dce.rpc" track state is active.

Signature ID: 34494

IBM Lotus Domino LDAP Server Invalid DN Message Buffer Overflow Vulnerability

Threat Level: Severe

Industry ID: CVE-2007-1739 Bugtraq: 23174