TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 35409
Cisco IOS IPv4 Packets Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2003-0567
Bugtraq: 8211
Signature Description: Cisco IOS (Internetwork Operating System) is the software used on Cisco Systems routers
and Cisco network switches. IOS is a package of routing, switching, internetworking and telecommunications
functions integrated with a multitasking operating system. Cisco IOS versions 11.x and 12.0 through 12.2 are
vulnerable to a denial of service attack. By sending a sequence of IPv4 packets for specific protocols, 53 (SWIPE),
55 (IP Mobility) or 77 (Sun ND) with TTL values of 0 or 1, or 103 (Protocol Independent Multicast) with any TTL
value, an attacker may cause the device to incorrectly flag the input queue on an interface as full. This signature
detects when the TTL value is '1' and the protocol is 77 (Sun ND).
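The protocol and TTL conditions described above, written out as a check over raw IPv4 headers. This is an added example, not part of the guide and not the TMS zl signature engine; the function names and the sample headers are constructed for illustration.

```python
import struct

# Protocol numbers and TTL conditions as listed in the description above.
TTL_LIMITED = {53: "SWIPE", 55: "IP Mobility", 77: "Sun ND"}  # TTL 0 or 1
ANY_TTL = {103: "Protocol Independent Multicast"}             # any TTL


def parse_ipv4(packet: bytes):
    """Return (ttl, protocol) from a raw IPv4 header, or None if malformed."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return None
    return packet[8], packet[9]  # TTL is byte 8, protocol is byte 9


def matches_description(packet: bytes) -> bool:
    """True if the packet fits any protocol/TTL pair in the description."""
    parsed = parse_ipv4(packet)
    if parsed is None:
        return False
    ttl, proto = parsed
    return (proto in TTL_LIMITED and ttl in (0, 1)) or proto in ANY_TTL


def matches_signature_35409(packet: bytes) -> bool:
    """True only for the case this signature covers: protocol 77, TTL 1."""
    return parse_ipv4(packet) == (1, 77)


def build_header(ttl: int, proto: int) -> bytes:
    """Constructed sample input: a bare 20-byte IPv4 header, checksum 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


if __name__ == "__main__":
    # Constructed (ttl, protocol) pairs covering matching and benign cases.
    for ttl, proto in [(1, 77), (0, 77), (64, 77), (1, 53), (200, 103), (1, 6)]:
        pkt = build_header(ttl, proto)
        print(ttl, proto, matches_description(pkt), matches_signature_35409(pkt))
```

Protocol 77 with TTL 0 fits the vulnerability description but not this signature, so coverage of the other protocol/TTL pairs depends on separate signatures.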
Signature ID: 35410
Cisco IOS GRE decapsulation ACL bypass Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-4650 Bugtraq: 19878
Signature Description: Cisco IOS (Internetwork Operating System) is the software used on Cisco routers and Cisco
switches. IOS is a package of routing, switching, internetworking and telecommunication functions tightly integrated
with a multitasking operating system. Generic Routing Encapsulation (GRE) is a tunneling protocol designed to
encapsulate a wide variety of network layer packets inside IP tunneling packets. Cisco IOS (affected versions: Cisco
IOS 12.0 through 12.2) could allow a remote attacker to bypass access control lists (ACLs) by sending specially
crafted GRE packets containing invalid source routing information. The flaw is caused by improper parsing of GRE
packets.
Signature ID: 35414
Cisco-MARS/JBoss Remote Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-3734 Bugtraq: 19071
Signature Description: Cisco Security Monitoring, Analysis and Response System (CS-MARS) is a security system
that receives event logs from various network devices, correlates and analyzes the received data for security problems,
and reports the findings. CS-MARS versions prior to 4.2.1 could allow a remote administrator to gain elevated
privileges on the device, caused by improper parsing of commands by the command line interface. A remote CS-MARS
administrator could execute arbitrary commands on the base operating system with root privileges. Exploit attempts
against this vulnerability are detected using a combination of two signatures; this is the second signature, and it
generates a log message.
Signature ID: 35415
Cisco Router Web Setup (CRWS) IOS HTTP interface command execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-3595 Bugtraq: 18953
Signature Description: Cisco Router Web Setup tool (CRWS) provides a graphical user interface (GUI) for configuring
Cisco SOHO and Cisco 800 series routers, and allows users to set up their routers quickly and easily. By default, the
Cisco IOS HTTP server is disabled. If the HTTP server is enabled, a remote attacker could execute arbitrary commands,
caused by an insecure default IOS configuration. If no additional authentication mechanisms have been configured for
the Cisco IOS HTTP interface, a remote attacker could connect to a vulnerable device without authentication and
execute arbitrary commands with level 15 privileges. The affected version is Cisco Router Web Setup 3.3.0_build_30