TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
issue can result in arbitrary code execution or cause the application to crash. Update to version 4.5 Service Pack 2,
available from the HP Web site. Please see vendor's advisory for more details. This signature detects attacks on TCP
port 1106.
Signature ID: 35258
HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-1661 CVE-2008-0973 Bugtraq: 27951
Signature Description: HP Storage Mirroring Software provides host-based replication and failover for enterprise and
midrange customers seeking an alternative to fabric or array-based replication. Storage Mirroring Software uses the
absolute minimum bandwidth required to replicate customer data. Advanced features allow a customer to control
bandwidth usage and queue data for replication during off-peak times if desired. HP StorageWorks Storage Mirroring
(SWSM) software version 4.5 is vulnerable to a stack-based buffer overflow. It is caused by improper bounds
checking in the DoubleTake.exe process when handling authentication requests. While handling an encoded
authentication request, the process copies the user-supplied login information into a fixed-length stack buffer. Sending
at least 256 bytes will trigger a stack-based buffer overflow due to a vulnerable processing loop. Exploitation of this
issue can result in arbitrary code execution or cause the application to crash. Update to version 4.5 Service Pack 2,
available from the HP Web site. Please see the vendor's advisory for more details. This signature detects attacks on UDP
port 1105.
Signature ID: 35259
Double-Take negative vector field value Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-0975 Bugtraq: 27951
Signature Description: Double-Take for Windows from Double-Take Software makes data replication and recovery
easy by providing real-time backup and automatic failover capabilities for physical and virtual servers. It does not
depend on the type of Windows application you are using, and is the answer for disaster recovery, high availability and
centralized backup. It provides protection far beyond periodic backup by capturing byte-level changes in real time and
replicating them to the alternate server, either locally or across the globe. Double-Take 5.0.0.2865 and earlier,
distributed as HP StorageWorks Storage Mirroring, are vulnerable to a denial-of-service attack. The vulnerability is
triggered by sending a "-1" value in the field that specifies the size of the vector<T> value. As a result, CPU
consumption increases to 100% and no other processes will work. No fixes are available as of now. This signature
detects attacks on port 1100.
Signature ID: 35260
Double-Take negative vector field value Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-0975 Bugtraq: 27951
Signature Description: Double-Take for Windows from Double-Take Software makes data replication and recovery
easy by providing real-time backup and automatic failover capabilities for physical and virtual servers. It does not
depend on the type of Windows application you are using, and is the answer for disaster recovery, high availability and
centralized backup. It provides protection far beyond periodic backup by capturing byte-level changes in real time and
replicating them to the alternate server, either locally or across the globe. Double-Take 5.0.0.2865 and earlier,
distributed as HP StorageWorks Storage Mirroring, are vulnerable to a denial-of-service attack. The vulnerability is
triggered by sending a "-1" value in the field that specifies the size of the vector<T> value. As a result, CPU
consumption increases to 100% and no other processes will work. No fixes are available as of now. This signature
detects attacks on port 1106.