TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 35209
Cisco Secure Access Control Server for Windows User-Changeable Password Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0532 Bugtraq: 28222
Signature Description: Cisco Secure Access Control Server (ACS) is an access policy control platform that helps organizations comply with growing regulatory and corporate requirements. By integrating with other access control systems, it helps improve productivity and contain costs. It supports multiple scenarios simultaneously, including device administration, remote access, wireless, and network admission control. Cisco User-Changeable Password (UCP) prior to 4.2 is vulnerable to a buffer overflow attack. The overflow is caused by buffer overflow errors in the HTTP interface when processing overly long arguments passed to the "CSuserCGI.exe" script. As a result, an attacker can crash an affected application or execute arbitrary code. The vendor has provided patches to resolve this issue. This signature detects attacks by matching any one of the three words Logout, Main, or changepass and then checking for a dot (. \x2e) within 96 bytes.
Signature ID: 35210
Cisco Secure Access Control Server for Windows User-Changeable Password Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0532 Bugtraq: 28222
Signature Description: Cisco Secure Access Control Server (ACS) is an access policy control platform that helps organizations comply with growing regulatory and corporate requirements. By integrating with other access control systems, it helps improve productivity and contain costs. It supports multiple scenarios simultaneously, including device administration, remote access, wireless, and network admission control. Cisco User-Changeable Password (UCP) prior to 4.2 is vulnerable to a buffer overflow attack. The overflow is caused by buffer overflow errors in the HTTP interface when processing overly long arguments passed to the "CSuserCGI.exe" script. As a result, an attacker can crash an affected application or execute arbitrary code. The vendor has provided patches to resolve this issue. This signature detects attacks by matching a non-word character as an argument passed to the "CSuserCGI.exe" script and then checking for a dot (. \x2e) within 96 bytes.
Signature ID: 35211
McAfee ePolicy Orchestrator Framework Services Log Handling Format String Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-1357 Bugtraq: 28228
Signature Description: McAfee ePolicy Orchestrator (ePO) delivers real-time information and application integration for network, desktop, and server security. McAfee ePolicy Orchestrator version 3.6.0.569 is vulnerable to a denial-of-service attack. The vulnerability is caused by a format string error within the McAfee Framework Service (FrameworkService.exe). By sending specially crafted packets containing format string specifiers to the default port 8082/UDP, a user can overflow a buffer. This vulnerability exists on all versions of CMA for Windows where the user has changed the default debug level of 7 to its highest level of 8. The vendor has issued patches for this issue, and a user who keeps the debug level at the default of 7 or lower can avoid this DoS attack.
Signature ID: 35212
IBM Tivoli Storage Manager (TSM) Client Acceptor Daemon (CAD) Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4880 Bugtraq: 25743
Signature Description: IBM Tivoli Storage Manager (TSM) is a centralized policy-based data backup and recovery
software. IBM Tivoli Storage Manager version 5.4 - 5.1 backup clients are vulnerable to a buffer overflow due to