TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

931

932

933

934

935

936

937

938

939

940

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

938

Signature ID: 35416

Cisco Catalyst telnet server memory leak denial of service Vulnerability

Threat Level: Warning

Industry ID: CVE-2001-0041 Bugtraq: 2072

Signature Description: Cisco Catalyst switches are vulnerable to a denial of service attack, caused by a memory leak in

the Telnet server. Telnet is a network protocol used on the Internet or local area network(LAN) connections. Cisco

Catalyst 4000, 5000, and 6000 series switches are affected versions. The Telnet process fails to release resources upon

a failed authentication, or a successful login of extremely short duration. If enough memory resources are used, the

Catalyst switch stops performing any other processes. The server must be restarted to regain normal functionality.

Signature ID: 35417

Cisco IOS LPD daemon Hostname Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-2007-5381 Bugtraq: 26001

Signature Description: Cisco IOS (Internetwork Operating System) is the software used on the Cisco routers and Cisco

switches. IOS is a package of routing, switching, internetworking and telecommunication functions tightly integrated

with a multitasking operating system. The Cisco IOS includes support for the UNIX Line Printer Daemon (LPD)

Protocol. LPD (Line Printer Daemon protocol) is a set of programs that provide printer spooling and network print

server functionality for Unix-like systems. Cisco IOS is (Cisco, IOS versions prior to 12.2(18)SXF11, prior to

12.4(16a), and Prior to 12.4(2)T6)) vulnerable to a stack-based buffer overflow. If LPD daemon is enabled, a remote

attacker can modify the hostname of affected device using SNMP(Simple Network Management Protocol(SNMP) is a

popular protocol for network management. It is used for collecting information from, and configuring, network devices,

such as servers, printers, hubs,switches, and routers on an Internet Protocol(IP) network). A remote attacker could

change hostname has long string (above 99 bytes) and send an overly long router hostname to TCP port 515 to

overflow a buffer and execute arbitrary code on the system or cause the device to crash.

Signature ID: 35418

Cisco OpenSSL Implementation Vulnerability

Threat Level: Warning

Industry ID: CVE-2004-0079 Bugtraq: 9899

Signature Description: Secure Sockets Layer (SSL) is a protocol used to encrypt the data transferred over a TCP

session. OpenSSL is (OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c) vulnerable to a denial of service Caused by a NULL-pointer

assignment in the "do_change_cipher_spec()" function. A remote attacker can send a specially-crafted handshake to

server that uses the OpenSSL library to cause OpenSSL to crash. This signature detects on service HTTPS on TCP Port

443.

Signature ID: 35419

Cisco OpenSSL Implementation Vulnerability

Threat Level: Warning

Industry ID: CVE-2004-0079

Bugtraq: 9899

Signature Description: Secure Sockets Layer (SSL) is a protocol used to encrypt the data transferred over a TCP

session. OpenSSL is (OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c) vulnerable to a denial of service Caused by a NULL-pointer

assignment in the "do_change_cipher_spec()" function. A remote attacker can send a specially-crafted handshake to

server that uses the OpenSSL library to cause OpenSSL to crash. This signature detects on service IIOP Name Service

over TLS/SSL on TCP Port 261.