ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
detected using a combination of two signatures. This is the second signature, and it generates a log message. This signature
detects the attack on TCP port 2103. A remote user sometimes attacks this service on TCP ports 2101, 2105 and 2107.
Signature ID: 35047
Sophos Anti-Virus Cabinet File Processing Memory Corruption
Threat Level: Warning
Industry ID: CVE-2006-0994
Bugtraq: 17876
Signature Description: Sophos Anti-Virus fails to properly process Microsoft CAB files. A remote attacker may be
able to leverage this vulnerability to execute code of their choosing on the target host or cause a denial of service (DoS)
against the Sophos Anti-Virus process. This is a heap overflow vulnerability and is caused by the mishandling of CAB
files. If a CAB file contains an excessive number of folder descriptions, a static buffer could be overflowed, giving an
attacker the opportunity to execute code of their choosing on an affected host.
Signature ID: 35049
Microsoft Distributed Transaction Coordinator Heap Overflow
Threat Level: Warning
Industry ID: CVE-2006-1184
Bugtraq: 17905
Signature Description: Microsoft DTC is used to manage transactions between networked machines using the
Microsoft Windows operating system. A vulnerability in the implementation of MSDTC exists due to a programming
error which may present an attacker with the opportunity to deny service to legitimate users. The Distributed
Transaction Coordinator fails to properly check the length of data supplied to the service before passing it along to a
fixed-length buffer. MSDTCPRX.DLL functions as an RPC server inside the MSDTC.EXE process, with a dynamic
TCP port as its RPC endpoint and UUID 906B0CE0-C70B-1067-B317-00DD010662DA v1.0 as the sole interface it
provides. The function CRpcIoManagerServer::BuildContext, as called from BuildContextW (opnum 7) on Windows
2000 and Windows XP, and BuildContext (opnum 1) on Windows NT 4.0, contains a heap overflow vulnerability due
to a lack of input validation. This vulnerability does not allow an attacker to run code of their choosing, but it will cause
the MSDTC service to stop responding. Excess data in the values for uuidstring or guidin passed in a BuildContextW
request may cause the MSDTC service to attempt to access memory it cannot use. The MSDTC service will cease
responding.
Signature ID: 35052
Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer Overflow Vulnerability
Threat Level: Severe
Bugtraq: 14317
Signature Description: Alt-N Technologies provides affordable Windows-based software, including an email server,
email antivirus and antispam protection, Outlook integration, and network fax management software. Alt-N MDaemon
IMAP Server is affected by a remote buffer overflow vulnerability. A specially crafted request can corrupt process
memory and lead to an overflow condition. This issue may be leveraged to execute arbitrary code in the context of the
server. This may facilitate unauthorized access to the affected computer. Alt-N MDaemon 8.03 is reported to be
vulnerable. Other versions are likely affected as well.
Signature ID: 35053
Alt-N MDaemon IMAP Server CREATE Command Buffer Overflow
Threat Level: Severe
Bugtraq: 14315
Signature Description: Alt-N Technologies provides affordable Windows-based software, including an email server,
email antivirus and antispam protection, Outlook integration, and network fax management software. Alt-N MDaemon
IMAP Server is affected by a remote buffer overflow vulnerability. This issue presents itself when an attacker submits
excessive data through the CREATE command subsequent to authentication. This vulnerability may be leveraged to