TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

861

862

863

864

865

866

867

868

869

870

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

861

will occur. The ARJ archive file format is too flexible, especially in the file name field in the local header. This file

name is stored as a null-terminated string and limited only by the overall size of the local header (local header size is

stored as a 16-bit value and is limited to 2,600 bytes only). Exploit attempts of this vulnerability detected using a

combination of two signatures, this is second signature and generate log message.

Signature ID: 34909

Macromedia JRun 4.x Server File Disclosure Vulnerability

Threat Level: Warning

Industry ID: CVE-2004-0928 Bugtraq: 11245

Signature Description: ColdFusion is an application server and software development framework used for the

development of computer software in general, and dynamic web sites in particular. Macromedia ColdFusion MX

versions 6.1 J2EE and JRun version 4.0 are vulnerable. It could allow a remote attacker to bypass access restrictions

and obtain sensitive information, caused by a vulnerability in the JRun server. By sending a specially-crafted URL

request for a file and appending a specific file extension, such as '.cfm'. A remote attacker could view the source of a

file that has a non-Macromedia extension, such as .php or .asp or .pl.

Signature ID: 34910

Squid ASN.1 Header Parsing Denial of Service vulnerability

Threat Level: Warning

Industry ID: CVE-2004-0918 Bugtraq: 11385

Signature Description: Squid is a proxy server and web cache daemon. It has a wide variety of uses, from speeding up

a web server by caching repeated requests, to caching web, DNS and other computer network lookups for a group of

people sharing network resources, <br>to aiding security by filtering traffic. Squid Web Proxy Cache versions 2.5-

STABLE5 and 3.0-PRE3-20040702 and possibly earlier versions, compiled with SNMP support, are vulnerable to a

denial of service attack The asn_parse_header function in the snmplib/asn1.c file improperly validates negative length

fields. By sending a specially-crafted UDP packet, a remote attacker could cause the server to crash.

Signature ID: 34912

SpamAssassin Malformed Email Header Denial of Service vulnerability

Threat Level: Warning

Industry ID: CVE-2005-1266 Bugtraq: 13978

Signature Description: SpamAssassin is a computer program released under the Apache License 2.0 used for e-mail

spam filtering based on content-matching rules, which also supports DNS-based, checksum-based and statistical

filtering, supported by external programs and online databases. Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 are

vulnerable. Apache SpamAssassin allows remote attackers to cause a DOS via a message with a long Content-Type

header. The attacker will send packet with content-type header filed value is very long and with invalid content. There

is no without any boundaries checking so the CPU consumption will increase and slowdown.

Signature ID: 34914

Adobe Acrobat Reader eBook plug-in Format String Vulnerability

Threat Level: Warning

Industry ID: CVE-2004-1153

Signature Description: Adobe Acrobat Reader is a program used for reading PDF files. Acrobat Reader version 6.0.2

and earlier versions are vulnerable to a format string attack. By sending a .etd file containing format strings in the

baseurl fields, a remote attacker could execute arbitrary code on the system, with user privileges, once the file is

opened. A remote attacker could exploit this vulnerability by sending the malicious file to a victim in an email. Patches

are available at vendor website. Exploit attempts of this vulnerability are detected using a combination of two

signatures. This is the second signature and generate a log message.