TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
285
Signature Description: Sendmail is a Mail Transfer Agent, which is the program that moves mail from one machine to
another. Sendmail implements a general internetwork mail routing facility, featuring aliasing and forwarding, automatic
routing to network gateways, and flexible configuration. Sendmail 5.2 to 8.12.7 are vulnerable to a buffer overflow in
the SMTP header parsing component, caused by certain conversions from char and int types. A successful exploitation
of this attack will allow an attacker to execute arbitrary code on the vulnerable system. This vulnerability is fixed in the
Sendmail 8.12.9. Administrators are advised to update the product. This rule will triggers when attacker sending MAIL
FROM formatted address field.
Signature ID: 2209
SMTP MAIL FROM sendmail prescan too many addresses overflow
Threat Level: Critical
Industry ID: CVE-2002-1337 Bugtraq: 6991
Signature Description: Sendmail is a Mail Transfer Agent, which is the program that moves mail from one machine to
another. Sendmail implements a general internetwork mail routing facility, featuring aliasing and forwarding, automatic
routing to network gateways, and flexible configuration. Sendmail 5.2 to 8.12.7 are vulnerable to a buffer overflow in
the SMTP header parsing component, caused by improper bounds checking of user suppled data. A successful
exploitation of this attack will allow an attacker to execute arbitrary code on the vulnerable system. This vulnerability
is fixed in the Sendmail 8.12.8. Administrators are advised to update the product. This rule will triggers when attacker
sending MAIL FROM formatted addres field.
Signature ID: 2210
SMTP RCPT TO decode attempt Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0203 CVE-1999-0163 Bugtraq: 2308
Signature Description: Sendmail is a Mail Transfer Agent, which is the program that moves mail from one machine to
another. Sendmail implements a general internetwork mail routing facility, featuring aliasing and forwarding, automatic
routing to network gateways, and flexible configuration. Sendmail versions prior to 8.6.12 could allow a remote
attacker to execute arbitrary commands. This signature detects when an attacker sending invalid "Mail FROM" and
"RCPT TO" addresses. The successful exploitation of this issue will allow an attacker to gain root access on the
affected machine.
Signature ID: 2211
SMRP RCPT TO Command with Command Argument Length Exceeding 300 Bytes
Threat Level: Severe
Industry ID: CVE-2001-0260
CVE-2006-4379 CVE-2009-0410 Bugtraq: 2283,19885,33560
Signature Description: SMTP RCPT TO command is used to identify an individual recipient of the mail data. The
argument field contains a forward-path (normally consists of destination mail box and/or relay hosts) and may contain
optional parameters. This rule triggers when an attempt is made to send to a packet with long RCPT TO argument.
Products like IPSwitch IMail Server 2006 and Lotus Domino SMTP Server 5 are vulnerable to this type of attack.
Signature ID: 2212
SMTP RCPT TO sendmail prescan too long addresses overflow
Threat Level: Critical
Industry ID: CVE-2003-0161
Bugtraq: 7230
Signature Description: Sendmail is a Mail Transfer Agent, which is the program that moves mail from one machine to
another. Sendmail implements a general internetwork mail routing facility, featuring aliasing and forwarding, automatic
routing to network gateways, and flexible configuration. Sendmail 5.2 to 8.12.7 are vulnerable to a buffer overflow in
the SMTP header parsing component, caused by certain conversions from char and int types. A successful exploitation
of this attack will allow an attacker to execute arbitrary code on the vulnerable system. This vulnerability is fixed in the