TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
904
Signature ID: 35237
Cisco Unified Communications Manager CTL Provider Heap Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0027 Bugtraq: 27313
Signature Description: Cisco Unified Communications Manager (CUCM) is the call processing component of the
Cisco IP telephony solution that extends enterprise telephony features and functions to packet telephony network
devices, such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications.
The CTL Provider service of the CUCM is vulnerable to a heap based buffer overflow vulnerability. The CTL Provider
service, CTLProvider.exe, listens on TCP port 2444 by default. When user sends data more than 0x4000 bytes a loop
occurs during receive of socket data. This will continue until heap chunks are overwritten at the users control, which
can be exploited to overwrite memory and further lead to arbitrary code execution. Cisco has provided patces to resolve
this issue.
Signature ID: 35238
Sybase SQL MobiLink Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0912 Bugtraq: 27914
Signature Description: Sybase MobiLink is software for the two-way synchronization of data between a central,
consolidated database and a number of remote databases. The application is part of Sybase's SQL Anywhere Studio
package. Mobilink server version 10.0.1.3629 and prior are vulnerable to heap based buffer overflow. A successful
exploit will allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit
attempts will likely result in denial-of-service conditions. The vulnerability is caused due to a boundary error within the
MobiLink server (mlsrv10.exe). When attacker sends a specially crafted packet with long username value (> 128 bytes)
or version (>128 bytes) or remote ID (>128 bytes) to the TCP port 2439, this overflow will occur. Vendor has issued
patches to this issue. Please refer vendor URL for further details.
Signature ID: 35239
Sybase SQL Anywhere MobiLink Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0912 Bugtraq: 27914
Signature Description: Sybase MobiLink is software for the two-way synchronization of data between a central,
consolidated database and a number of remote databases. The application is part of Sybase's SQL Anywhere Studio
package. Mobilink server version 10.0.1.3629 and prior are vulnerable to heap based buffer overflow. A successful
exploit will allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit
attempts will likely result in denial-of-service conditions. The vulnerability is caused due to a boundary error within the
MobiLink server (mlsrv10.exe). When attacker sends a specially crafted packet with long username, version or remote
ID to the TCP port 2439, this overflow will occur. Vendor has issued patches to this issue. Please refer vendor URL for
further details.
Signature ID: 35240
Apple QuickTime RTSP Response message buffer overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0234
Bugtraq: 27225
Signature Description: QuickTime is a multimedia framework developed by Apple Inc., capable of handling various
formats of digital video, media clips, sound, text, animation, music, and several types of interactive panoramic images.
Real Time Streaming Protocol (RTSP) is a protocol that is used by streaming media systems. Apple QuickTime
Streaming Server and QuickTime Player both support RTSP. Quicktime Player 7.3.1.70 and prior versions are
vulnerable to heap based buffer overflow vulnerability. This vulnerability is caused due to a boundary error when