TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
950
Signature ID: 35470
MailEnable SMTP NTLM Authentication Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-5176 Bugtraq: 20290
Signature Description: MailEnable mail server software provides a powerful, scalable hosted messaging platform for
Microsoft Windows. MailEnable, version professional 2.0 and Enterprise 2.0, is a buffer overflow vulnerability, caused
by improper bounds checking of NTLM type 1 message. This issue is triggered when an attacker sending specially-
crafted NTLM type 1 message. NTLM authentication is disabled by default. The successful exploitation may allow an
attacker to overflow a buffer and execute arbitrary code on the system. The issued is fixed in the appropriate patch ME-
10015, available from vendor's web site. The Administrator's are advice to apply the available patch for resolve the
issue.
Signature ID: 35471
Symantec VERITAS NetBackup vnetd Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-0991 Bugtraq: 17264
Signature Description: Symantec VERITAS NetBackup is a client/server based backup software solution. The
Sharepoint Services server(bpspsserver) daemon is enabled by default on both servers and clients in the NetBackup.
Symantec VERITAS NetBackup, version 6.0, is a buffer overflow vulnerability in the vnetd service. This issue is
triggered when an attacker sending specially-crafted messages to TCP port 13724. The successful exploitation may
allow an attacker to overflow two fixed size buffer and execute arbitrary code on an affected system.
Signature ID: 35472
FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4619 Bugtraq: 26042
Signature Description: Free Lossless Audio Coded(FLAC) is a popular file format for audio data compression. AOL
Corp's Winamp media player has support for the FLAC format. FLAC(libFlac), version before 1.2.1, is a buffer
overflow vulnerability. This issue is triggered when an attacker inserting an overly long VORBIS Comment data string
along with an large VORBIS Comment data string size value. The successful exploitation may allow an attacker to
overflow a buffer and execute arbitrary code on the system(This is due to most applications reading data until they
encounter a NULL byte). The issue is fixed in the latest version of FLAC(1.2.1 or later), available from the vendor's
web site. An Administrator's are advise to update the latest version of FLAC(1.2.1 or later) for resolve the issue.
Signature ID: 35474
Microsoft Outlook Express and Windows Mail NNTP Handling Code Execution vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3897
Bugtraq: 25908
Signature Description: Network News Transfer Protocol(NNTP) is an internet application protocol used primarily for
reading and posting Usenet articles, as well as transferring news among news servers. Microsoft Outlook Express 6 and
earlier and Windows Mail for vista is a heap-based buffer overflow vulnerability, caused by improper handling of
malformed Network News Transfer Protocol responses. This issue is triggered when mishandling NNTP server
responses to the XHDR command(XHDR command is used to retrieve specific headers from specific articles). The
successful exploitation may allow an attacker to overflow a buffer by returning more data than requested by the client
and execute arbitrary code on the system. Exploit attempts of this vulnerability are detected using a combination of two
signatures. This is the second signature and generates a log message.