TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature ID: 35202
IBM Tivoli Provisioning Manager for OS Deployment HTTP Server Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-0401 Bugtraq: 27387
Signature Description: IBM Corp.'s Tivoli Provisioning Manager for OS Deployment is a network boot server that
facilitates central management of networked workstations. It implements Preboot Execution Environment (PXE), a
Web-based administration service, DHCP, TFTP, and several additional protocols. IBM Tivoli Provisioning Manager
for OS Deployment version 5.1.0.3 and prior versions are vulnerable to a denial of service attack. The vulnerability is
caused by a boundary error within the logging functionality of the web server component. By sending a specially
crafted request with an overly large HTTP request method to TCP port 443 or TCP port 80 on a victim system, a user
can potentially compromise a vulnerable system. Successful exploitation may allow execution of arbitrary code on the
victim system. The vendor has provided patches to resolve this issue.
Signature ID: 35203
Sybase SQL Anywhere MobiLink Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0912 Bugtraq: 27914
Signature Description: Sybase MobiLink is software for the two-way synchronization of data between a central,
consolidated database and a number of remote databases. The application is part of Sybase's SQL Anywhere Studio
package. MobiLink server version 10.0.1.3629 and prior are vulnerable to a heap-based buffer overflow. A successful
exploit will allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit
attempts will likely result in denial-of-service conditions. The vulnerability is caused by a boundary error within the
MobiLink server (mlsrv10.exe). The overflow occurs when an attacker sends a specially crafted packet with a long
username, version or remote ID to TCP port 2439. The vendor has issued patches for this issue. Please refer to the
vendor URL for further details.
Signature ID: 35204
Sybase SQL MobiLink Listener Denial of Service Attack
Threat Level: Severe
Signature Description: Sybase MobiLink is software for the two-way synchronization of data between a central,
consolidated database and a number of remote databases. The application is part of Sybase's SQL Anywhere Studio
package. MobiLink Listener is part of the Sybase SQL Anywhere package. MobiLink Listener version 10.0.1.3629 and
prior are vulnerable to a Denial of Service attack. The dblsn.exe process in MobiLink Listener, which listens on UDP
port 5001, can receive packets of at most 1024 bytes; packets greater than this size block the listener
service and cause the browser to crash. Please upgrade to the latest version (> 10.0.1.3629) of MobiLink Listener to
resolve this issue.
Signature ID: 35205
Trend Micro OfficeScan Encrypted Passwords Processing Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-1365 Bugtraq: 28020
Signature Description: Trend Micro OfficeScan is a centrally managed antivirus solution that allows administrators to
manage virus and spyware protection in business environments. This software is used to protect against computer
viruses, malware, spam, and Web-based threats. OfficeScan Corporate Edition 8.0 Patch 2 Build 1189 and earlier and
OfficeScan Corporate Edition 7.0 Patch 3 Build 1314 and earlier are vulnerable to this Denial of Service attack. This
issue is caused by buffer overflow errors in the "cgiChkMasterPwd.exe" and "policyserver.exe" services when
processing requests with overly long arguments (> 512 bytes) sent to TCP port 8080. An error exists when
handling crafted HTTP requests containing an overly long "pwd" parameter or "TMLogonEncrypted" parameter within