TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
841
routers and switches. The Cisco Network Services (CNS) NetFlow Collection Engine (NFC) contains a default
password. Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 is vulnerable to a gain access.
A successful exploitation of this issue will allow an attacker to modify the application configuration and gain user
access to the target host operating system. This issue is fixed in 6.0 or later version. Administrators are advised to
update the latest version to resolve this issue. This signature specifically triggers using TCP service
Signature ID: 34792
ASN.1 buffer overflow attempt
Threat Level: Severe
Industry ID: CVE-2003-0818
Signature Description: Abstract Syntax Notation 1 (ASN.1) is a data standard that is used by many applications and
devices for allowing the normalization and understanding of data across various platforms. A security vulnerability
exists in the Microsoft ASN.1 Library that could allow a remote attacker to execute arbitrary code on an affected
system. The vulnerability is caused due to improper buffer verifications in the Microsoft ASN.1 Library, which could
result in a buffer overflow. An attacker who successfully exploited this buffer overflow vulnerability could execute
arbitrary code with system privileges on an affected system. The attacker could then take any action on the system,
including installing programs, viewing data,changing data, deleting data or creating new accounts with full privileges.
More information about ASN.1 can be found in Microsoft Knowledge Base Article 252648 (MS04-007). For this
vulnerability detection there are two signature and this is one of the signature with track state isset.
Signature ID: 34793
CA Multiple Products DBASVR RPC Server Crafted Pointer Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-5329 Bugtraq: 26015
Signature Description: Computer Associates BrightStor ARCServe BackUp is an overall data backup solution.
Multiple CA products are vulnerable to a stack based buffer overflow vulnerability.The problem specifically exists
within DBASVR.exe, the Backup Agent RPC Server. The vulnerability is due to failing to bound check user supplied
data in certain RPC requests. A remote unauthenticated attacker may leverage this vulnerability to inject and execute
arbitrary code on the target host with System level privileges. Administrators are advised to update the latest version to
resolve this issue.
Signature ID: 34796
Digium Asterisk IAX2 POKE Request Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-3263
Bugtraq: 30321
Signature Description: Asterisk is the world leading open source PBXi, telephony engine, and telephony applications
toolkit. The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before
1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3 are vulnerable to denial of service.
This vulnerability is due to allocation of a finite number of non-expiring call numbers. A remote unauthenticated
attacker may exploit this vulnerability by sending a large volume of crafted POKE messages to the vulnerable system.
Successful attack could create a denial of service condition to the asterisk service. This issue is fixed in Asterisk 1.2.30,
1.4.21.2 versions and administrators are advised to update Asterisk 1.2.30, 1.4.21.2 versions to resolve this issue.
Signature ID: 34797
Microsoft Exchange Server iCal Properties Handling Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0039
Bugtraq: 23808
Signature Description: Microsoft Exchange Server handles calendar content requests, known as iCal. The Exchange
Collaboration Data Objects functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 are
vulnerable to a denial of service. This vulnerability is caused due to an Internet Calendar (iCal) file containing multiple