TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

271

272

273

274

275

276

277

278

279

280

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

277

Signature ID: 2029

Sendmail (8.8.3/8.8.4) MIME buffer overflow check with version of 8.8.4

Threat Level: Information

Industry ID: CVE-1999-0047

Bugtraq: 685

Signature Description: An attacker can attempt to check if you are running sendmail version 8.8.4 or 8.8.3. Both of

these versions of sendmail have a vulnerability which may allow intruders to access the vulnerable system as root.

Signature ID: 2030

Sendmail.cf Relaying vulnerability

Threat Level: Information

Industry ID: CVE-2002-1278 Bugtraq: 6118

Signature Description: There is vulnerability in sendmail.cf. Using this vulnerability an attacker can determine if your

mail server can be used as a mail gateway or relay. When used as a mail relay, your host may be prone to "spammers"

relaying mail through your host to reach their intended audience.If a remote attacker sends an email message using

"user%domain@" as the format for the recipient address, the attacker could then use the sendmail server as an open

mail relay. For example, if an outside user were to send mail formatted as being to

"target%somedomain.com@yourmailserver.com" that message could be re-transmitted to the target recipient,

apparently originating from your mail server.

Signature ID: 2032

SmartMax Mail-Max Remote Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-1999-0404 Bugtraq: 2312

Signature Description: Smartmax MailMax is an email server for Windows 95/98/NT. Smartmax MailMax 1.0.0 is

vulnerable to buffer overflow. This attacks against the SMTP-command processing function in SMTP server. A

successful exploitation of this attack will allow attacker to execute arbitrary commands with the privileges of the user

running MailMax. This rule will triggers when an attempt is made to exploit this vulnerability.

Signature ID: 2033

Cmail User Leak vulnerability

Threat Level: Information

Signature Description: CMailServer is an email mail server software for Windows, which provide web based email

service. CMailServer is also an anti-virus mail server and anti-spam email server. It's easy to control pop3/smtp mail

connections. This web mail server provides an open developing interface for web developers who want to customize

the web mail pages. CMailServer is vulnerable to a system usernames verify vulnerability. This rule generates an event

when an attacker access user names.

Signature ID: 2036

IMail's whois32 service can be remotely crashed.

Threat Level: Warning

Signature Description: IMail is a popular multi-protocol mail server for Windows NT environments. The Whois32

service included in the IMail package. Whois32 service is vulnerable to a buffer overflow vulnerability. A successful

exploitation of this vulnerability allows an attacker to execute arbitrary commands on the vulnerable system.

Signature ID: 2038

Windows NT - SLmail v3.1 Denial of Service Vulnerability

Threat Level: Warning

Signature Description: SLMail is described by the vendor as a "security conscious Windows NT/ 2000 email server".