TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

improper bounds checking in the Client Acceptor Daemon dsmcad.exe which runs on TCP port 1581 by default. If the
Client Acceptor Daemon (CAD) is used with either the Web GUI or with CAD-managed scheduling, a remote attacker
could send a malicious HTTP request whose Host field contains a large string that could overflow a buffer and execute
arbitrary code on the system or cause the client to crash. IBM has issued an update to correct this vulnerability in IBM
Flash Alert 1268775.
Signature ID: 35214
IBM eGatherer ActiveX Code Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-4221
Bugtraq: 19554
Signature Description: A stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control prior to
version 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the
RunEgatherer method. This method accepts one parameter, the specified file name for the eGatherer log output.
Filling the single parameter with a large string causes a straight stack overflow. Users are advised to set the kill bit for
the CLSID corresponding to the ProgID IbmEgath.IbmEgathCtl.1 to resolve this issue. Exploit attempts against this
vulnerability are detected using a combination of two signatures. This is the second signature and generates a log message.
Signature ID: 35215
IBM eGatherer ActiveX Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4221
Bugtraq: 19554
Signature Description: A stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before
3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer
method. This method accepts one parameter, the specified file name for the eGatherer log output. Filling the single
parameter with a large string causes a straight stack overflow. By persuading a victim to visit a malicious Web page
containing hex-encoded malformed data, an attacker can execute arbitrary code on the victim's system. Users are advised
to set the kill bit for the CLSID 74FFE28D-2378-11D5-990C-006094235084 to resolve this issue.
Signature ID: 35216
IBM eGatherer ActiveX Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4221
Bugtraq: 19554
Signature Description: A stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before
3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer
method. This method accepts one parameter, the specified file name for the eGatherer log output. Filling the single
parameter with a large string causes a straight stack overflow. By persuading a victim to visit a malicious Web page
containing %u-encoded shellcode data, an attacker can execute arbitrary code on the victim's system. Users are advised to
set the kill bit for the CLSID 74FFE28D-2378-11D5-990C-006094235084 to resolve this issue.
Signature ID: 35217
IBM eGatherer ActiveX Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4221
Bugtraq: 19554
Signature Description: A stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before
3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer
method. This method accepts one parameter, the specified file name for the eGatherer log output. Filling the single
parameter with a large string causes a straight stack overflow. By persuading a victim to visit a malicious Web page
containing %u-encoded shellcode data, an attacker can execute arbitrary code on the victim's system. Users are advised to
set the kill bit for the CLSID corresponding to the ProgID IbmEgath.IbmEgathCtl.1 to resolve this issue.