ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Signature ID: 35497
Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2437
Bugtraq: 31139
Signature Description: Trend Micro OfficeScan is an integrated enterprise-level security product that protects against
viruses, spyware, worms, and blended threats. Trend Micro OfficeScan versions 7.0, 7.3 with Patch 4 build 1362, and
8.0 are affected by a stack-based buffer overflow vulnerability caused by improper bounds checking by the cgiRecvFile.exe
service. The issue is triggered when an attacker sends a specially crafted HTTP request containing an overly long
ComputerName, TempFileName, NewFileSize or Verify parameter. Successful exploitation may allow an attacker
to overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Signature ID: 35498
Microsoft IIS NNTP Service XPAT Command Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0574
Bugtraq: 11379
Signature Description: The NNTP component provides a service that enables the distribution, retrieval, and posting of
news articles among the Internet community. Microsoft's Internet Information Services (IIS) provides support for a
number of protocols, including NNTP. A buffer overflow vulnerability exists in the NNTP component, caused by improper
bounds checking of user-supplied input. The vulnerability can be exploited through the XPAT command of the extended
NNTP command set. The XPAT command allows the client to retrieve specific news article headers from the
server using pattern matching (regular expressions). The NNTP service translates calls to the XPAT command into an
internal query format. A boundary check flaw exists in the code that checks the length of the translation from the
user-supplied pattern into an internal query string. By constructing a query using XPAT with a special length and using
multiple patterns or search keys, an attacker can exploit this flaw. Successful exploitation of this vulnerability could
allow remote code execution in the context of the process accessing the vulnerable component. Administrators are
advised to install the updates mentioned in MS04-036.
Signature ID: 35499
Novell eDirectory LDAP NULL Search Parameter Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-1809
Bugtraq: 30175
Signature Description: Novell eDirectory is X.500-compatible directory service software. It is used for centrally
managing access to resources on multiple servers and computers within a given network. Lightweight Directory Access
Protocol (LDAP) is an application protocol for querying and modifying directory services running over TCP/IP. Novell
eDirectory versions 8.7.3a and 8.8, on all platforms, are affected by a heap-based buffer overflow vulnerability. The issue is
triggered when an attacker passes the string 'null' via Null Search parameters. Successful exploitation may allow an
attacker to execute arbitrary code on the system or cause a denial of service by crashing eDirectory. The issue is fixed
in Novell eDirectory 8.7.3.10b or later and 8.8.2 FTF2 or later, which are available at the vendor's web site.
Administrators are advised to update to the latest version of Novell eDirectory to resolve the issue.
Signature ID: 35500
Microsoft Internet Explorer HTML Rendering Memory Corruption
Threat Level: Severe
Industry ID: CVE-2008-0076
Bugtraq: 27668
Signature Description: A remote code execution vulnerability exists in the way Internet Explorer interprets HTML
with certain layout combinations. An attacker could exploit the vulnerability by constructing a specially crafted Web
page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who
successfully exploited this vulnerability could gain the same user rights as the logged-on user. When the user enters text
on a form, or in response to an ISINDEX query, and hits the return key, the Web browser sends keystrokes captured