ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: IBM Lotus Domino server software provides email, calendar, scheduling and
collaboration services. IBM Lotus Domino versions 6.5 and 7.0 are vulnerable to a heap-based
buffer overflow in the LDAP server. By sending a specially crafted Distinguished Name message with a string
length larger than 65535 bytes, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Signature ID: 34495
MIT Kerberos kadmind RPC Library Unix Authentication Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-2443 Bugtraq: 24657
Signature Description: MIT Kerberos is a suite of applications and libraries designed to implement the Kerberos
network-authentication protocol. It is freely available and operates on numerous platforms. MIT Kerberos (MIT,
Kerberos 5-1.6.1 and prior) is vulnerable to a stack-based buffer overflow caused by an integer conversion error in the
gssrpc_svcauth_unix() function. By sending an RPC request with a negative length value, a remote attacker could overflow
a buffer and execute arbitrary code on the system or cause the daemon to crash.
Signature ID: 34496
Ingres Database Communications Server Component Heap Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-3334 Bugtraq: 24585
Signature Description: Ingres Database Server is a database server included in CA (Computer Associates) eTrust
Secure Content Manager. The application is available for Microsoft Windows. Ingres Database Server is vulnerable to
a heap-based buffer overflow in the QUremove and QUinsert functions in igcc.exe (the Ingres Communications Server
process). By sending a specially crafted series of packets to TCP port 21064, a remote attacker could overflow a buffer
and execute arbitrary code on the system. Apply the available patch.
Signature ID: 34497
Oracle Database Server XDB PITRIG TRUNCATE and DROP Procedures SQL Injection Vulnerability
Threat Level: Warning
Bugtraq: 27229
Signature Description: Oracle Database Server is a commercial relational database application suite. Oracle Database
(Oracle Database 11g, version 11.1.0.6; Oracle 10g, versions 10.2.0.3 and 10.2.0.2) is vulnerable to denial of service.
Input passed via the first argument to the XDB.XDB_PITRIG_PKG.PITRIG_DROP and
XDB.XDB_PITRIG_PKG.PITRIG_TRUNCATE procedures is not properly sanitized before being used in SQL
queries, so a remote attacker could execute arbitrary SQL code.
Signature ID: 34498
Oracle Database Server XDB PITRIG_TRUNCATE Procedure Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-0339 Bugtraq: 27229
Signature Description: Oracle Database Server is a commercial relational database application suite. Oracle Database
(Oracle Database 11g, version 11.1.0.6; Oracle 10g, versions 10.2.0.3 and 10.2.0.2) is vulnerable to a buffer overflow. By
sending an overly long argument to the affected XDB.XDB_PITRIG_PKG.PITRIG_TRUNCATE and
XDB.XDB_PITRIG_PKG.PITRIG_DROP procedures, a remote attacker could overflow a buffer and execute arbitrary
code on the system.