TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
831
transaction function, possibly related to an SMB PIPE. Update the patches available from vendors web site. This
signature detects using the port 445/TCP.
Signature ID: 34725
Microsoft Windows srv.sys Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3942 Bugtraq: 19215
Signature Description: SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial
ports, and communications abstractions such as named pipes and mail slots between computers. Multiple versions of
Microsoft Windows are vulnerable to a denial of service attack, caused by SMB_COM_TRANSACTION SMB
message that contains a string without null character termination, which leads to a NULL dereference in the execute
transaction function, possibly related to an SMB PIPE. Update the patches available from vendors web site. This
signature detects using the port 139/TCP.
Signature ID: 34726
Microsoft Windows NBT/SMB Mailslot Remote Code Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-1314 Bugtraq: 18863
Signature Description: SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial
ports, and communications abstractions such as named pipes and mail slots between computers. A mailslot is a
temporary mechanism that can facilitate data transfer between hosts. A mailslot can use either the TCP or UDP
protocol. Heap-based buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server
2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot
messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages. Upgrade
the patches available from microsoft Security Bulletin MS06-063.
Signature ID: 34728
Microsoft Windows DCOM RPCSS Service DCERPC Packet Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0715 Bugtraq: 8458
Signature Description: Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC
provides an inter-process communication mechanism that allows a program running on one computer to seamlessly
access services on another computer. The particular vulnerability affects the Distributed Component Object Model
(DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent
from one machine to another. The failure results because of incorrect handling of malformed messages. This particular
failure affects the underlying RPCSS Service used for DCOM activation, which listens on UDP ports 135, 137, 138,
445 and TCP ports 135, 139, 445, 593. Additionally, it can listen on ports 80 and 443 if CIS or RPC over HTTP is
enabled. An attacker who successfully exploited these vulnerabilities could be able to run code with Local System
privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any
action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with
full privileges.
Signature ID: 34729
Symantec VERITAS Storage Foundation Administrator Service Buffer Overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2008-0638
Bugtraq: 25778
Signature Description: Veritas Storage Foundation for Windows 5.1 provides an easy-to-use solution for online
heterogeneous storage management. Based on the industry-leading Veritas Volume Manager,it provides a standard set
of integrated tools to centrally manage explosive data growth, maximize storage hardware investments, provide data
protection, and adapt to changing business requirements. Symantec Veritas Storage Foundation 5.0 is vulnerability to