HP ProCurve Switch: Deleted corrupted message buffers Health Monitor

Jalasoft.Xian.SmartManagementPacks.HPProCurveSwitches.DeletedCorruptedMessageBuffers.1.1 (AggregateMonitor)

This monitor catches Xian events that notifies when the Deleted corrupted message buffers if has changed its state.

Knowledge Base article:

Summary

Number of deleted corrupted message buffers is over threshold.

The number of times a corrupted buffer has been deleted is above the maximum threshold configured in Xian Network Manager 2012.

Causes

The switch is detecting a large amount of corrupted message buffers deleted. This vulnerability is likely due to a memory corruption bug, and may be an exploitable buffer overflow.

Resolutions

An excessive amount of corrupted message buffers may lead to a traffic slow down. Analyze the buffer strategies for handling message buffers and perform buffer tuning, if necessary. It would be possible for a user to execute arbitrary instructions on the server with the privileges of the web administration interface.

Additional

Monitors the number of times a corrupted buffer has been deleted.

Element properties:

TargetJalasoft.Xian.Common.Elements.ThirdParty.HP.JsXMessageBufferElement
Parent MonitorSystem.Health.PerformanceState
AlgorithmWorstOf
CategoryStateCollection
EnabledTrue
Alert GenerateTrue
Alert SeverityMatchMonitorHealth
Alert PriorityLow
Alert Auto ResolveTrue
RemotableTrue
AccessibilityPublic
Alert Message
Deleted corrupted message buffers Alert
{0}

Source Code:

<AggregateMonitor ID="Jalasoft.Xian.SmartManagementPacks.HPProCurveSwitches.DeletedCorruptedMessageBuffers.1.1" Accessibility="Public" Enabled="true" Target="ThirdParty_HP!Jalasoft.Xian.Common.Elements.ThirdParty.HP.JsXMessageBufferElement" ParentMonitorID="SystemHealth!System.Health.PerformanceState" Remotable="true" Priority="Normal">
<Category>StateCollection</Category>
<AlertSettings AlertMessage="DeletedCorruptedMessageBuffers_AlertMessage">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Low</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/Params/Param[3]$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<Algorithm>WorstOf</Algorithm>
</AggregateMonitor>