ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 2016
Sendmail program piped aliases check with expn and "news"
Threat Level: Information
Signature Description: An attacker can collect information about sendmail aliases that are piped to programs. It is
common to define aliases that pipe received mail to a program for processing. This signature triggers when the
command sent to Sendmail is EXPN with the argument NEWS.
Signature ID: 2018
Sendmail program piped aliases check with expn and "admin"
Threat Level: Information
Signature Description: An attacker can collect information about sendmail aliases that are piped to programs. It is
common to define aliases that pipe received mail to a program for processing. This signature triggers when the
command sent to Sendmail is EXPN with the argument ADMIN.
Signature ID: 2019
Sendmail program piped aliases check with expn and "webmaster"
Threat Level: Information
Signature Description: An attacker can collect information about sendmail aliases that are piped to programs. It is
common to define aliases that pipe received mail to a program for processing. This signature triggers when the
command sent to Sendmail is EXPN with the argument WEBMASTER.
Signature ID: 2020
Sendmail program piped aliases check with expn and "uucp"
Threat Level: Information
Signature Description: An attacker can collect information about sendmail aliases that are piped to programs. It is
common to define aliases that pipe received mail to a program for processing. This signature triggers when the
command sent to Sendmail is EXPN with the argument UUCP.
Signature ID: 2021
Sendmail (8.6.9) identd check
Threat Level: Information
Industry ID: CVE-1999-0204
Signature Description: A vulnerability in version 8.6.9 of Berkeley Sendmail allows remote users to execute arbitrary
commands on vulnerable systems. This module must be run as 'root', with the system's identd daemon disabled. If the
remote mailer does not support the ident protocol, the module will wait for an ident connection for several seconds
before reporting a site not vulnerable.
Signature ID: 2022
Sendmail 8.6.11 Denial of Service Vulnerability
Threat Level: Information
Signature Description: SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used to transfer e-mail
messages between computers. Most e-mail systems that send mail over the Internet use SMTP to send messages
from one server to another. This signature detects the content '8.6.11'. The 8.6.11 version check module examines
available sendmail banners to determine the presence of Berkeley sendmail 8.6.11. If this version is detected, it is
possible that the host is vulnerable to a denial of service.