TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
attacker sending sequence of EIGRP Internal IP prefix length (the prefix length should be >0 and <=32). Successful
exploitation may allow an attacker to overflow a buffer and execute arbitrary code on the system or cause Ethereal to
crash. The issue is fixed in Ethereal 0.10.3 and later, which is available at the Ethereal web site.
Administrators are advised to update to the latest version of Ethereal (0.10.3 or later) to resolve the issue.
Signature ID: 35490
Ethereal IGAP Dissector Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0176 Bugtraq: 9952
Signature Description: Ethereal is a network packet analyzer that supports nearly 700 network protocols. It is used to
troubleshoot network problems and find security deficiencies. It can analyze network traffic in two ways: by
reading packets from a live network, or by reading network traffic saved by Packet Capture Library tools.
IGAP (Internet Group Authentication Protocol), a multicasting protocol in the Internet protocol family, is used by IP
hosts to report their host group memberships to any immediately neighboring multicast routers. Ethereal versions 0.8.13
to 0.10.2 contain a buffer overflow vulnerability. The issue is triggered when an attacker sends a maliciously crafted IGAP
Membership Query request with an overly long account name or message. Successful exploitation may allow an
attacker to overflow a buffer and execute arbitrary code on the system. The issue is fixed in Ethereal 0.10.3 and
later, available from the Ethereal web site. Administrators are advised to update to the latest version of
Ethereal (0.10.3 or later) to resolve the issue.
Signature ID: 35491
Squid Gopher Protocol Handling Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0094 Bugtraq: 12276
Signature Description: The Internet Gopher protocol is designed for distributed document search and retrieval. This
document describes the protocol, lists some of the implementations currently available, and has an overview of how to
implement new client and server applications. Squid versions 2.5.STABLE7 and earlier contain a buffer overflow
vulnerability. The issue is triggered when a malicious user sets up a fake Gopher server and forwards requests to it
through Squid, and the Gopher server then returns a line longer than 4096 bytes on TCP port 70. The first character of each
line tells whether the line describes a document, directory, or search service (characters '0', '1', '7', etc.), and each line ends
with a period. Successful exploitation may allow an attacker to overflow a buffer and execute arbitrary code on the
system.
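Added example (not part of the reference guide and not the module's own signature logic): a streaming check that flags any line in a Gopher server response longer than the 4096 bytes named above, including a line split across TCP segments or never terminated. The class and function names, the LF/CRLF line-ending handling and the sample host name are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_LINE = 4096  # limit named in the signature description
ITEM_TYPES = {ord("0"): "document", ord("1"): "directory", ord("7"): "search"}

@dataclass
class Finding:
    line_no: int      # 1-based line number within the response
    length: int       # bytes in the line, CR/LF excluded
    item_type: str    # decoded from the line's first character
    terminated: bool  # False if no newline had arrived when the data ended

class GopherLineScanner:
    """Scans server-to-client bytes incrementally, so an over-long line is
    flagged even when it spans several TCP segments or never terminates."""

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.line_no, self.length, self.first = 1, 0, None
        self.current = None   # Finding for the line being read, if any
        self.findings = []

    def feed(self, chunk: bytes) -> None:
        for b in chunk:
            if b == 0x0A:     # LF closes the line
                if self.current is not None:
                    self.current.terminated = True
                self.line_no += 1
                self.length, self.first, self.current = 0, None, None
            elif b != 0x0D:   # CR belongs to the terminator, not the line
                if self.first is None:
                    self.first = b
                self.length += 1
                if self.length > self.max_line:
                    if self.current is None:  # report once, as the limit is passed
                        kind = ITEM_TYPES.get(self.first, "other")
                        self.current = Finding(self.line_no, 0, kind, False)
                        self.findings.append(self.current)
                    self.current.length = self.length

def scan_response(segments):
    scanner = GopherLineScanner()
    for seg in segments:
        scanner.feed(seg)
    return scanner.findings

# Constructed sample: one normal menu line, then a 5001-byte line in two segments.
SAMPLE = [b"1Software\t/sw\tgopher.example.org\t70\r\n",
          b"0" + b"A" * 2999, b"A" * 2001 + b"\r\n", b".\r\n"]
```

Calling scan_response(SAMPLE) returns a single finding for line 2; a line of exactly 4096 bytes is not flagged.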
Signature ID: 35492
Microsoft Internet Explorer DHTML Object Memory Corruption Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0553 Bugtraq: 13120
Signature Description: Dynamic HTML (DHTML) extends static HTML pages to allow interactive web pages to be
easily created. Microsoft Internet Explorer versions 5.01, 5.5, and 6 could allow a remote attacker to execute arbitrary
code due to a race condition when Dynamic HTML (DHTML) objects are processed. The DHTML Object Model
(DOM) specification allows users to create browser windows in addition to other elements. When a new browser
window is created, it is possible to refer to the parent window from the newly opened window. A race condition occurs
in Microsoft Internet Explorer (IE) when both the child and parent windows try to occupy the same memory due to
an improper IE DOM implementation that incorrectly manages threads. Under these conditions it is possible to insert
arbitrary code and have it run in the context of the web browser that is parsing the DHTML. This signature specifically
looks for the appendChild, createElement, and removeNode methods in UTF encoding. This can lead to random crashes
and remote command execution. An attacker could exploit this vulnerability by creating a malicious Web page or an
HTML e-mail message and then persuading the user to visit the page or to view the HTML e-mail message.