TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

271

272

273

274

275

276

277

278

279

280

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

274

vulnerable to a denial of service attack.attacker sends a malformed BDAT data transfer command to an affected server,

the attacker can cause the SMTP service to fail. The SMTP service must be restarted to regain normal functionality.

Signature ID: 2011

MS Exchange Server SMTP DoS with content of b00mAUTH LOGIN

Threat Level: Information

Industry ID: CVE-2002-0055

Bugtraq: 4204 Nessus: 10885

Signature Description: The Simple Mail Transfer Protocol service in Microsoft Exchange Server is vulnerable for DoS

attacks. Attacker sends malformed requests to SMTP Service on MS Exchange servers.The service will restart

automatically, but all the connections established at the time of the attack will be dropped.

Signature ID: 2012

Microsoft SMTP Service Malformed Command Denial of Service Vulnerability

Threat Level: Warning

Industry ID: CVE-2002-0055 Bugtraq: 4204 Nessus: 10885

Signature Description: SMTP(Simple Mail Transfer Protocol) is a TCP/IP protocol. It is used to transfer e-mail

<br>messages between computers. Most e-mail systems that send mail over the Internet use SMTP to send messages

from one server to another. Simple Mail Transfer Protocol(SMTP) service in Microsoft Windows and Exchange is a

denial of service vulnerability. This rule will trigger when a remote attacker sends a malformed "BDAT" data transfer

command to an affected server. The successful exploitation of this issue will allow an attacker to cause the SMTP

service to fail. Apply the appropriate patch for removing this issue, which is available at vendor's web site.

Signature ID: 2013

Sendmail program piped aliases check

Threat Level: Information

Industry ID: CVE-1999-0531 Nessus: 10249

Signature Description: An attacker can collect information about sendmail aliases that are piped to programs. It is

common to define aliases that pipe received mail to a program for processing. This signature generates an event when

an attacker try to send expn command with argument root in Sendmail program.

Signature ID: 2014

Sendmail program piped aliases check with expn and "majordomo"

Threat Level: Information

Industry ID: CVE-1999-0565

Signature Description: An attacker can collect information about sendmail aliases that are piped to programs. It is

common to define aliases that pipe received mail to a program for processing. This signature detects attacks, when the

Sendmail program send command is expn with argument is majordomo.

Signature ID: 2015

Sendmail program piped aliases check with expn and "postmaster"

Threat Level: Information

Signature Description: An attacker can collect information about sendmail aliases that are piped to programs. It is

common to define aliases that pipe received mail to a program for processing. This signature detects attacks, when the

Sendmail program send command is expn with argument is POSTMASTER.