TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
84
Signature ID: 579
Arbitrary file read attempt from NTMail web interfaceFileRead
Threat Level: Information
Industry ID: CVE-1999-0927 Bugtraq: 0279
Signature Description: Gordano's NTMail is a Windows NT mail server program. One of its features is allowing
administrators to configure the server and users to read their email with a web browser via a built-in web server.
Gordano NTMail 4.2 is vulnerable to access sensitive information. A successful exploitation of this vulnerability
allows an attacker to access sensitive information on the vulnerable system. This issue is fixed in Gordano NTMail 4.3.
Administrators are advised to update Gordano NTMail 4.3 version or later version to resolve this vulnerability.
Signature ID: 581
MS-DOS Device Names Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0386 CVE-2001-0493 CVE-2001-0391 CVE-2001-0558 CVE-2002-0200 CVE-2000-01
CVE-2003-0016 CVE-2001-0602 CVE-2003-0421 CVE-2003-0502 Bugtraq:
1043,2575,2608,2622,2649,2704,3929,6659,6662 Nessus: 10930
Signature Description: This rule tries to detect DOS Device Name (DDN) DoS vulnerability for DOS Based Operating
Systems like MSDOS, Windows 95, 98. DOS device names (DDNs) are reserved names for common input and output
devices. For example, AUX (First connected serial port), CON (Keyboard and screen), etc., These DOS-devices can be
accessed through web server and if this is done, a process will be opened to handle the execution of particular device
driver. The vulnerability is that this processing did not finish and if some more requests have been made, the server will
no longer answer requests to port 80 resulting in a denial of service.This signature detects access to first connected
serial port.
Signature ID: 582
MS-DOS Device Names Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0386 CVE-2001-0493 CVE-2001-0391 CVE-2001-0558 CVE-2002-0200 CVE-2000-01
CVE-2003-0016 CVE-2001-0602 CVE-2003-0421 CVE-2003-0502 Bugtraq:
1043,2575,2608,2622,2649,2704,3929,6659,6662 Nessus: 10930
Signature Description: This rule tries to detect DOS Device Name (DDN) DoS vulnerability for DOS Based Operating
Systems like MSDOS, Windows 95, 98. DOS device names (DDNs) are reserved names for common input and output
devices. For example, AUX (First connected serial port), CON (Keyboard and screen), etc., These DOS-devices can be
accessed through web server and if this is done, a process will be opened to handle the execution of particular device
driver. The vulnerability is that this processing did not finish and if some more requests have been made, the server will
no longer answer requests to port 80 resulting in a denial of service. This signature detects access to Keyboard and
screen.
Signature ID: 583
MS-DOS Device Names Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0386 CVE-2001-0493 CVE-2001-0391 CVE-2001-0558 CVE-2002-0200 CVE-2000-01
CVE-2003-0016
CVE-2001-0602 CVE-2003-0421 CVE-2003-0502 Bugtraq:
1043,2575,2608,2622,2649,2704,3929,6659,6662 Nessus: 10930
Signature Description: This rule tries to detect DOS Device Name (DDN) DoS vulnerability for DOS Based Operating
Systems like MSDOS, Windows 95, 98. DOS device names (DDNs) are reserved names for common input and output
devices. For example, AUX (First connected serial port), PRN (First connected parallel port), etc., These DOS-devices
can be accessed through web server and if this is done, a process will be opened to handle the execution of particular
device driver. The vulnerability is that this processing did not finish and if some more requests have been made, the