TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 35062
Microsoft Visual FoxPro 'vfp6r.dll' ActiveX Control Arbitrary Command Execution with
foxcommand() method
Threat Level: Severe
Industry ID: CVE-2008-0236 Bugtraq: 27205
Signature Description: The Microsoft FoxServer ActiveX control (vfp6r.dll) could allow a remote attacker to execute
arbitrary commands on the system, caused by the use of the insecure foxcommand() function. By persuading a victim
to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to execute arbitrary commands
on the vulnerable system. This is due to a design error in vfp6r.dll: the foxcommand() method directly allows any user to
execute commands on the remote system. Microsoft announced this as "not safe for scripting". Microsoft
FoxServer 6.0 is vulnerable; other versions may also be vulnerable to this attack.
Signature ID: 35063
Mozilla Browsers CSS moz-binding Cross Domain Scripting
Threat Level: Severe
Industry ID: CVE-2006-0496 Bugtraq: 16427
Signature Description: Mozilla Firefox is prone to a security vulnerability that may let a Web page execute malicious
script code in the context of an arbitrary domain, which could be exploited by remote attackers to bypass security
restrictions and gain knowledge of sensitive information. This flaw is due to an origin validation error when processing
certain CSS (Cascading Style Sheets) and HTML documents containing a specially crafted "-moz-binding" property
used in conjunction with the extensible binding language (XBL), which could be exploited by malicious web sites to
cause malicious scripting code to be executed by the user's browser in the security context of an arbitrary domain, and
gain access to cookie information.
Signature ID: 35064
Oracle Database Server InterMedia Denial of Service Vulnerability
Threat Level: Severe
Bugtraq: 13239
Signature Description: The Oracle interMedia system has two different types, ORDImage and ORDDoc, which have a
vulnerability that can cause a denial of service condition. When trying to load a specially constructed file, or when
setting specially constructed data to an object's property, a denial of service can be triggered, making the Oracle server process
consume 100% CPU. The service needs to be restarted to resume normal operation. This vulnerability can be
exploited remotely by supplying a specially constructed file to an application that uses the vulnerable objects to process
the file in the database server.
Signature ID: 35066
Oracle 10g DBMS_Scheduler Privilege Escalation Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1496 Bugtraq: 13509
Signature Description: Oracle database is prone to a privilege escalation vulnerability. A user with 'create job'
privileges can switch the 'session_user' to 'SYS'. This will facilitate privilege escalation. For example, if table policies
are set up using the SESSION_USER variable by employing VPD then it may be possible to overcome these policies
by exploiting this vulnerability. The vulnerable function is the run_job function of the DBMS_SCHEDULER package.
The general database privileges of the user are not affected. This issue is reported to be addressed in the 10.0.1.14 patch
set for Oracle. This statement is often used together with VPD (Virtual Private Database) or OLS (Oracle Label
Security) and could allow privilege escalation. Apply the 10.0.1.4 patch set for Oracle 10g as the solution for this attack.
This rule hits when 35065 has set the dbms_scheduler track state and sys_context and session_user parameters are
found in the traffic.