TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

941

942

943

944

945

946

947

948

949

950

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

947

Signature ID: 35456

Symantec Veritas NetBackup bpcd.exe Command Chaining

Threat Level: Warning

Industry ID: CVE-2006-0492

Bugtraq: 21565

Signature Description: Symantec Veritas NetBackup is a client/server based backup software solution. Symantec

Veritas NetBackup, version 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4, is a command chaining

vulnerability. This signature will trigger when an attacker appending malicious commands to a valid command on TCP

port 13782. The Successful exploitation may allow an attacker to execute arbitrary commands on the system with the

privileges of the bpcd.exe process. Apply the appropriate patch M06-024 for resolve this issue, which is available at

vendor's web site.

Signature ID: 35457

Symantec Discovery XFERWAN Service Buffer Overflow vulnerability

Threat Level: Severe

Industry ID: CVE-2007-1173 Bugtraq: 24002

Signature Description: Symantec Discovery is an easy to use solution for tracking all of an organization's hardware and

software assets. Symantec Discovery, version 6.0 and 6.5, is a buffer overflow vulnerability, caused by

CentenniallPTransferServer Service(XFERWAN.EXE). This rule will trigger when an attacker sending a specially-

crafted TCP packet containing a long string. The successful exploitation may allow an attacker to overflow a buffer and

execute arbitrary code on the system. No remedy available as of December 2007.

Signature ID: 35458

Ingres Database uuid_from_char Stack Buffer Overflow vulnerability

Threat Level: Severe

Industry ID: CVE-2007-3338 Bugtraq: 24585

Signature Description: Ingress Database Server is a database server included in CA(Computer Associates) eTrust

Secure Content Manager. Ingress Database Server, version 2.5, 2.6, r3, and 2006 9.0.4, is a stack-based buffer overflow

vulnerability, caused by improper bounds checking by the uuid_from_char() function. This rule will trigger when an

attacker passing overly large string to the uuid_from_char() function using SQL commands. The successful

exploitation may allow an attacker to overflow a buffer and execute arbitrary code on the system.

Signature ID: 35459

IPSwitch WS_FTP Logging Server Daemon Denial of Service

Threat Level: Warning

Industry ID: CVE-2007-3823

Signature Description: Ipswitch WS_FTP Server is a highly secure, fully features and easy to administer file transfer

Server for Microsoft Windows Systems. It is used for logging operations of the FTP server. And it uses a binary

protocol to speak to the logging daemon, and each transmission begins with a two byte header "0xab 0xaa". Ipswitch

WS_FTP Server, version 6, is a denial of service vulnerability, caused by a vulnerability in the FTP log

Server(ftplogsrv.exe). This issue is triggered when an attacker sending a specially-crafted packet containing a long

string to port 5151/UDP. The successful exploitation may allow an attacker to crash the server. Upgrade to the latest

version of WS_FTP Server(6.1 or later), is available from vendor's web site. Administrator's are advised to update

WS_FTP Server(6.1 or later) for resolve this issue.

Signature ID: 35461

IBM Lotus Notes MIF Attachment Viewer Buffer Overflow vulnerability

Threat Level: Severe

Bugtraq: 26175

Signature Description: IBM Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars