TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
86
Systems like MSDOS, Windows 95, 98. DOS device names (DDNs) are reserved names for common input and output
devices. For example, AUX (First connected serial port), LPT1 (Parallel port) etc., These DOS-devices can be accessed
through web server and if this is done, a process will be opened to handle the execution of particular device driver. The
vulnerability is that this processing did not finish and if some more requests have been made, the server will no longer
answer requests to port 80 resulting in a denial of service. This signature detects access to Parallel port 1.
Signature ID: 588
MS-DOS Device Names Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0386 CVE-2001-0493 CVE-2001-0391 CVE-2001-0558 CVE-2002-0200 CVE-2000-01
CVE-2003-0016
CVE-2001-0602 CVE-2003-0421 CVE-2003-0502 Bugtraq:
1043,2575,2608,2622,2649,2704,3929,6659,6662 Nessus: 10930
Signature Description: This rule tries to detect DOS Device Name (DDN) DoS vulnerability for DOS Based Operating
Systems like MSDOS, Windows 95, 98. DOS device names (DDNs) are reserved names for common input and output
devices. For example, AUX (First connected serial port), LPT2 (Parallel port) etc., These DOS-devices can be accessed
through web server and if this is done, a process will be opened to handle the execution of particular device driver. The
vulnerability is that this processing did not finish and if some more requests have been made, the server will no longer
answer requests to port 80 resulting in a denial of service. This signature detects access to Parallel port 2.
Signature ID: 591
PHP-Nuke sql_debug Information Disclosure vulnerability
Threat Level: Information
Industry ID: CVE-2002-2032 Bugtraq: 3906 Nessus: 10856
Signature Description: PHP-Nuke is a web-based automated news publishing and content management system based
on PHP and MySQL. The system is fully controlled using a web-based user interface. It is one of the most popular tool
for crating game clan websites. PHP-Nuke(PHP-Nuke versions 5.4 and earlier) could allow a remote attacker to view
internal SQL queries, caused by a vulnerability in the debugging feature in the sql_layer.php script. The sql_layer.php
script contains a debugging feature(sql_debug) which allows users to display information about all SQL queries. An
attacker can use this vulnerability to disclose sensitive information about the database.
Signature ID: 592
SHOUTcast Server buffer overflow vulnerability
Threat Level: Information
Industry ID: CVE-2001-1304 Nessus: 10717
Signature Description: SHOUTcast consists of a client-server model, with each component communicating via a
network protocol that intermingles audio data with metadata such as song titles and the station name. SHOUTcast
Server 1.8.2 is vulnerable to stack based buffer overflow via several http requests with a long. A successful exploitation
of this vulnerability allows an attacker to execute arbitrary commands on the vulnerable system. No remedy available
as of September 13, 2008.
Signature ID: 593
Pocsag default 'password' login
Threat Level: Information
Industry ID: CVE-2000-0225 Bugtraq: 1032 Nessus: 10341
Signature Description: POC32 is a program designed to decode POCSAG pager messages captured via scanning the
pager frequencies. These encoded messages are then transferred to the computer via audible signal, and decoded and
displayed by the POC32 software. POC32 2.0 5 is vulnerable to a default password access. This vulnerability is due to
POCSAG POC32 program does not properly prevent remote users from accessing its server port, even if the option has
been disabled. A successful exploitation of this vulnerability allows an attacker to access sensitive information on the