November 13, 2002
NetProwler 3.5.1 Security Update 20

Description

NetProwler 3.5.1 SU20 introduces a total of six (6) new signatures. They detect a Lucent Router exploit, a Microsoft 2000 Buffer Overflow, a Solaris AnswerBook2 exploit, an Avaya switch exploit, a Solaris Telnet Buffer Overflow, and a Cisco TFTP Buffer Overflow. You may obtain NetProwler 3.5.1 SU20 through the product's auto update feature.

Security Update 20 Signatures

  • HTTP_AnswerBook2_AddAdmin:

    This signature detects attempts to exploit a vulnerability that allows visitors to add administration accounts because authentication checks are missing. The result of this potentially unauthorized escalation of privileges is access to log files and the ability to manage content.

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0696
  • HTTP_Lucent_Access_Kill:

    This signature detects attempts to exploit a vulnerability in Lucent's Access Points IP Services Router that allows the router to be rebooted remotely. The result of this exploit is a denial of service to the router and the networks the router controls.

    Security Bugware ID: 5575
  • HTTP_MS_Help_BO:

    This signature detects attempts to exploit a vulnerability in Winhelp that allows the execution of arbitrary code on a remote system, either by encouraging the victim to visit a particular web page, where the code executes automatically, or by including the exploit within the source of an email. The result of this exploit is unauthorized access to the exploited machine.

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0823
  • SNMP_Avaya_Community_String:

    This signature detects attempts to exploit a vulnerability in some Avaya series hardware that allows visitors to administer it through an undocumented SNMP read/write (r/w) community string. The result of this potentially unauthorized escalation of privileges is remote administration of the hardware.

    http://online.securityfocus.com/archive/1/286067
  • TELNET_Solaris_BO:

    This signature detects attempts to exploit a buffer overflow vulnerability that allows visitors to gain root access. The result of this unauthorized access is the ability to remotely administer all aspects of the exploited machine.

    http://www.securitybugware.org/SunOS/5651.html
  • TFTP_Cisco_Filename_BO:

    This signature detects attempts to exploit a buffer overflow in the TFTP service that allows a denial of service and potential code execution. The result is a denial of service against the TFTP service, and potentially arbitrary remote code execution.

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0813

Last modified on: Wednesday, 13-Nov-02 14:49:53