TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
method. This method accepts one parameter, the specified file name for the eGatherer log output. By filling the single
parameter with a large string, a straight stack overflow occurs.
Signature ID: 35270
Visual Basic Enterprise Edition SP6 vb6skit.dll Buffer Overflow Vulnerability
Threat Level: Severe
Bugtraq: 29729
Signature Description: Visual Basic (VB) is a third-generation event-driven programming language and associated
development environment (IDE) from Microsoft for its COM programming model. It enables the rapid application
development (RAD) of graphical user interface (GUI) applications, access to databases using DAO, RDO, or ADO, and
creation of ActiveX controls and objects. Microsoft Visual Basic Enterprise Edition 6.0 SP6 is vulnerable to a
stack-based buffer overflow. The vulnerability is caused by improper bounds checking in the vb6stkit.dll module. By
persuading a user to open a malicious Visual Basic form that passes an overly long string to the lpstrLinkPath parameter,
a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim, or
cause a denial of service. No patch details are available as of July 2, 2008. Exploit attempts against this vulnerability
are detected using a combination of two signatures; this is the second signature, and it generates a log message.
Signature ID: 35271
MDaemon worldclient.dll Denial of service attack
Threat Level: Severe
Industry ID: CVE-2008-2631
Signature Description: MDaemon is a multi-protocol mail server that runs on Microsoft Windows systems and is an
alternative to Microsoft Exchange. It supports the IMAP, SMTP, and POP3 protocols, and provides outstanding groupware
features, integration with Microsoft Outlook (using Outlook Connector for MDaemon), and a multi-language webmail
client for email access anywhere. The WorldClient interface in Alt-N Technologies MDaemon 9.6.5 and prior versions
is vulnerable to a denial-of-service attack. The vulnerability is caused by a NULL-pointer dereference error while
processing HTTP requests sent to the WorldClient interface (listening on TCP port 3000 by default). By sending a
specially crafted HTTP POST request to WorldClient.dll, an attacker can crash the WorldClient service. Update to
version 9.66 to resolve this issue.
Signature ID: 35272
Dana IRC Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2922 Bugtraq: 29724
Signature Description: Internet Relay Chat (IRC) is a form of real-time Internet chat or synchronous conferencing. It is
mainly designed for group communication in discussion forums called channels, but also allows one-to-one
communication via private message, as well as chat and data transfers via Direct Client-to-Client. Dana IRC is a smart
and easy-to-use IRC client for both expert and new users. Dana can be customized by creating individual skin graphics
and server presets to provide special Dana clients for special events. Dana IRC version 1.3 and prior are vulnerable to
a stack-based buffer overflow. The vulnerability is caused by a boundary error in the processing of IRC messages. By
sending an overly long message to the client, an attacker may crash the system and execute arbitrary code. No
patch details are available as of July 2, 2008.
Signature ID: 35273
Anata CMS 1.0b5 Arbitrary Add-Admin Vulnerability
Threat Level: Severe
Signature Description: A content management system (CMS) is computer software used to create, edit, manage, and
publish content in a consistently organized fashion. CMSs are frequently used for storing, controlling, versioning, and
publishing industry-specific documentation such as news articles, operators' manuals, technical manuals, sales guides,