TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
864
Signature Description: Java Web Start is a framework developed by Sun Microsystems which allows application
software for the Java Platform to be started directly from the Internet using a web browser. Java Web Start in Sun JDK
and JRE 6 Update 4 and earlier are vulnerable. There exists a stack based buffer overflow vulnerability. The
vulnerability is due to improper bounds checking while handling XML based JNLP files. A remote attacker can exploit
this vulnerability by sending invalid encoding value to the target user to open a crafted JNLP file, potentially causing
arbitrary code to be injected and executed in the security context of the current user. An attacker frame packet with
<?XML tag given encoding values is overlengh or invalid. Patches are available at sun website.
Signature ID: 34928
IBM Informix Dynamic Server Authentication Password Stack Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0727
Bugtraq: 28198
Signature Description: Informix Dynamic Server, also known as IDS, is an extensible Relational Database
Management System originally developed by Informix Software Inc. IDS is now part of the IBM Software Group
database portfolio. IBM Informix Dynamic Server 11.1 and prior versions are vulnerable to a stack-based buffer
overflow, caused by improper bounds checking by oninit.exe. By sending an overly long password, a remote attacker
could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to
crash. Patches are available at IBM website.
Signature ID: 34930
Mozilla Firefox IFRAME Style Change Handling Code Execution vulnerability
Threat Level: Warning
Industry ID: CVE-2008-1236 Bugtraq: 28448
Signature Description: Mozilla Firefox is a free web browser descended from the Mozilla Application Suite, managed
by the Mozilla Corporation. Firefox had 19.03% of the recorded usage share of web browsers as of June 2008, making
it the second-most popular browser in current use worldwide Mozilla Firefox before 2.0.0.13 is vulnerability, the flaw
is due to improper handling of changes to style elements of IFrame objects. A remote attackers to cause a denial of
service and possibly execute arbitrary code via unknown vectors. These attacks could allow for arbitrary code injection
and execution with the privileges of the currently logged on user. Patches are available at mozilla website.
Signature ID: 34931
McAfee VirusScan On-Access Scanner Long Unicode Filename Handling Buffer Overflow
vulnerability
Threat Level: Warning
Bugtraq: 23543
Signature Description: McAfee VirusScan is a popular antivirus program created and maintained by McAfee, formerly
known as Network Associates. VirusScan is designed for home and home-office use; McAfee also develops VirusScan
Enterprise for use in corporate environments. McAfee VirusScan Enterprise 8.0i Patch 11 and earlier are vulnerable, it
is heap buffer overflow vulnerability due to a boundary error when processing overly long file names that contain
Unicode characters. A remote attacker can exploit this vulnerability by placing a file with a specially crafted name on
the target system and enticing the user to access the file. Successful exploitation may allow arbitrary code execution in
the security context of System. Patches are available at mcafee website.
Signature ID: 34932
Apache Mod_TCL Remote Format String Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-4154
Bugtraq: 20527
Signature Description: The Apache HTTP Server, commonly referred to simply as Apache, also known as httpd, is an
open-source HTTP server that runs on Microsoft Windows, Linux, Unix and Apple OS X Operating Systems. Apache