TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
830
Signature ID: 34720
Microsoft Windows DNS Server RPC Interface Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-1748 Bugtraq: 23470
Signature Description: Microsoft Windows DNS Server service is a domain name service daemon included with
Windows 2000, XP, 2003, and Vista. The Microsoft Windows Domain Name System (DNS) Server is vulnerable to a
stack-based buffer overflow in the RPC interface. By sending a specially-crafted Remote Procedure Call packet to a
vulnerable system. A remote attacker could overflow a buffer and execute arbitrary code on the system with system
privileges. Apply the patches available from microsoft security Bulletin.
Signature ID: 34721
Microsoft Windows RPC Memory Allocation Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-3644 Bugtraq: 15460
Signature Description: UPnP technology extends Plug and Play to simplify the networking of intelligent devices. When
devices incorporating UPnP technology are physically connected to the network, they connect automatically to one
another over the network, without the need for user configuration. GetDeviceList in UPnP for Microsoft Windows
2000 SP4 and earlier, and possibly Windows XP SP1 and earlier are Vulnerable to memory consumption via a DCE
RPC request with large out put buffer size. user can Restrict access to the affected systems using a firewall.
Signature ID: 34722
Microsoft Windows Workstation Service Remote Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-4691 Bugtraq: 20985
Signature Description: Workstation service route both local file system requests and remote file or print network. This
service determines where the resource is located and then routes the request to the local file system or to the networking
components. When the Workstation service is stopped, all requests are assumed to be local requests. Microsoft
Windows is vulnerable to a buffer overflow in the Workstation service, caused by improper bounds checking by the
NetpManageIPCConnect function. By sending a specially-crafted message to an affected system, a remote attacker
could overflow a buffer and execute arbitrary code on the system with system privileges.
Signature ID: 34723
Linux/Unix Apache auth_ldap Module Format String Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0150 Bugtraq: 16177
Signature Description: Apache web server auth_ldap allows remote attackers to execute arbitrary code. Attackers
passes a Long username(more than of 35 characters) to the web-server, and Apache web-server validates the username
with the help of ldap server. Apache uses ldap module to prepare ldap request. While preparing auth_ldap may fail
because of buffer overflow
Signature ID: 34724
Microsoft Windows srv.sys Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3942
Bugtraq: 19215
Signature Description: SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial
ports, and communications abstractions such as named pipes and mail slots between computers. Multiple versions of
Microsoft Windows are vulnerable to a denial of service attack, caused by SMB_COM_TRANSACTION SMB
message that contains a string without null character termination, which leads to a NULL dereference in the execute