TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

the cgiABLogon.exe CGI module, which can be exploited to cause the PolicyServer.exe service to terminate for a
number of seconds. Patches are available for this issue. This signature detects an attacker sending an overly long
"PWD" parameter or "TMLogonEncrypted" parameter.
Signature ID: 35206
Trend Micro OfficeScan Encrypted Passwords Processing Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-1365 Bugtraq: 28020
Signature Description: Trend Micro OfficeScan is a centrally managed AntiVirus solution that allows administrators to
manage virus and spyware protection in business environments. This software is used to protect against computer
viruses, malware, spam, and Web-based threats. OfficeScan Corporate Edition 8.0 Patch 2 Build 1189 and earlier and
OfficeScan Corporate Edition 7.0 Patch 3 Build 1314 and earlier are vulnerable to this denial-of-service attack. This
issue is caused by buffer overflow errors in the "cgiChkMasterPwd.exe" and "policyserver.exe" services when
processing requests with overly long arguments (> 512 bytes) sent to TCP port 8080. An error exists when
handling crafted HTTP requests containing an overly long "pwd" parameter or "TMLogonEncrypted" parameter within
the cgiABLogon.exe CGI module, which can be exploited to cause the PolicyServer.exe service to terminate for a
number of seconds. Patches are available for this issue. This signature detects an attacker requesting the
"cgiCHKMasterPwd.exe" file.
Signature ID: 35207
Trend Micro OfficeScan HTTP Request Parameter Processing Denial of Service Attack
Threat Level: Severe
Industry ID: CVE-2008-1366 Bugtraq: 28020
Signature Description: Trend Micro OfficeScan is a centrally managed AntiVirus solution that allows administrators to
manage virus and spyware protection in business environments. This software is used to protect against computer
viruses, malware, spam, and Web-based threats. OfficeScan Corporate Edition 8.0 Patch 2 Build 1189 and earlier and
OfficeScan Corporate Edition 7.0 Patch 3 Build 1314 and earlier are vulnerable to this denial-of-service attack.
NULL-pointer dereference errors exist when an attacker sends HTTP requests containing certain character sequences or
non-existent "Content-Length" headers in certain CGI modules to TCP port 8080. As a result, the victim machine will be
compromised and the attacker can execute arbitrary code. The vendor has provided patches for this issue.
Signature ID: 35208
Cisco Secure Access Control Server for Windows User-Changeable Password Cross Site Script Attack
Threat Level: Severe
Industry ID: CVE-2008-0533 Bugtraq: 28222
Signature Description: Cisco Secure Access Control Server (ACS) is an access policy control platform that helps to
comply with growing regulatory and corporate requirements. By integrating it with other access control systems, it
helps improve productivity and contain costs. It supports multiple scenarios simultaneously, including: Device
administration, Remote Access, Wireless and Network admission control. Cisco User-Changeable Password (UCP)
prior to 4.2 is vulnerable to a cross-site scripting attack. Several UCP application pages do not properly filter HTML
code from user-supplied input before displaying the input. The vulnerability is caused by an input validation error in
the HTTP interface when processing the "Help" parameter passed to the "CSuserCGI.exe" script. As a result, a user can
access the target user's cookies (including authentication cookies), if any, associated with the site, and can access data
recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
The vendor has provided patches to resolve this issue. Please see the reference.