NetProwler 3.5.1 Security Update 9

July 2, 2001

NetProwler 3.5.1 Security Update 9

Description

NetProwler 3.5.1 SU9 introduces signatures that detect various buffer overflow and denial of service attacks. It also strengthens the already existing NetProwler WebCom_CGI and ISAPI Extension signatures. This update contains fifteen new signatures. You may obtain NetProwler 3.5.1 SU9 through the product's auto update feature.

Security Update 9 Signatures

AIX_FTPD_Buffer_Overflow

Certain versions of AIX's libc contain a buffer overflow that allows root access

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0789

Bootp_Remote_Exec

A version of Bootp contains a buffer overflow allowing an attacker to remotely execute arbitrary code.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0799

ColdFusion_Path_Disclosure

Certain versions of ColdFusion allow attackers to determine the valid physical pathname of the server by sending HTTP requests to specific .cfm files.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0189

DNS_So_linger_DoS

By violating TCP session closure rules, this signature detects attempts made to hang the nameserver.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0837

Guestbook_CGI

Some versions of the Guestbook CGI script allow attackers to execute arbitrary code onto the webserver with the privileges of the web server process.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0237

HTTP_IIS_ISAPI_Extension

This signature detects attempts to overflow the buffer in the ISAPI extensions of the IIS server.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0500

ICMP_Kernel_Crash_Bad_Parameter

This signature detects attempts to crash a Linux machine utilizing bogus ICMP header information.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0804

IIS_Long_URL

Using large URL CGI requests, some versions of Microsoft Internet Information Server (IIS) are susceptible to denial-of-service.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0281

Linux_in.identd_DoS

Certain versions of SuSe Linux allow an attacker to crash the inetd server by sending multiple requests over a short period.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0746

Maxdname

This signature detects attempts to overflow a buffer in the nameserver resulting in a denial of service.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0849

Raq_Apache_dot_htaccess

A flaw in the default configuration permits this signature to detect attempts to extract unauthorized information from the webserver.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0234

Rusers_Query

An executed "rusers" daemon allows remote users to gather a great deal of information about a potential target machine.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0626

UW_POP2d_FOLD_Buffer_Overflow

Certain versions of IMAP allow an attacker to overflow a buffer in the University of Washington release of POP2d.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0920

Webcom_CGI

Detects attempts to execute the Webcom CGI Guestbook programs wguest.exe and rguest.exe that allow remote files to be read arbitrarily using the "template" parameter.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0467

WebGais_Remote_Command_Exec

Detects attempts to exploit a vulnerability in WebGais search tool.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0176
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0196

Last modified on: Wednesday, 26-Sep-01 12:07:05