TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

281

282

283

284

285

286

287

288

289

290

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

286

Sendmail 8.12.9. Administrators are advised to update the product. This rule will triggers when attacker sending SEND

RCPT TO formatted address field.

Signature ID: 2213

SMTP RCPT TO sendmail prescan too many addresses overflow

Threat Level: Critical

Industry ID: CVE-2002-1337

Bugtraq: 6991

Signature Description: This rule hits when an attempt is made to exploit a known prescan function vulnerability in the

older versions of Sendmail.Vulnerability exists in the prescan() function used in Sendmail prior to version 8.12.9.

Prescan function fails when converting a character to an integer value while processing SMTP headers. An attacker

could exploit this condition by sending large string to the prescan function.

Signature ID: 2214

SMTP SAML FROM sendmail prescan too long addresses overflow

Threat Level: Critical

Industry ID: CVE-2003-0161 Bugtraq: 7230

Signature Description: Sendmail is a Mail Transfer Agent, which is the program that moves mail from one machine to

another. Sendmail implements a general internetwork mail routing facility, featuring aliasing and forwarding, automatic

routing to network gateways, and flexible configuration. Sendmail 5.2 to 8.12.7 are vulnerable to a buffer overflow in

the SMTP header parsing component, caused by improper bounds checking of user suppled data. A successful

exploitation of this attack will allow an attacker to execute arbitrary code on the vulnerable system. This vulnerability

is fixed in the Sendmail 8.12.9. Administrators are advised to update the product. This rule will triggers when attacker

sending SAML FROM formatted addres field.

Signature ID: 2215

SMTP SAML FROM sendmail prescan too many addresses overflow

Threat Level: Critical

Industry ID: CVE-2002-1337 Bugtraq: 6991

Signature Description: A buffer overflow in Sendmail 5.79 to 8.12.8 allows remote attackers to execute arbitrary code

via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr

function of headers.c . A vulnerability exists in the prescan() function used in Sendmail prior to version 8.12.9. This

function contains an error when converting a character to an integer value while processing SMTP headers.

Signature ID: 2216

SMTP SEND FROM sendmail prescan too long addresses overflow

Threat Level: Critical

Industry ID: CVE-2003-0161 Bugtraq: 7230

Signature Description: Sendmail is a Mail Transfer Agent, which is the program that moves mail from one machine to

another. Sendmail implements a general internetwork mail routing facility, featuring aliasing and forwarding, automatic

routing to network gateways, and flexible configuration. Sendmail 5.2 to 8.12.7 are vulnerable to a buffer overflow in

the SMTP header parsing component, caused by certain conversions from char and int types. A successful exploitation

of this attack will allow an attacker to execute arbitrary code on the vulnerable system. This vulnerability is fixed in the

Sendmail 8.12.9. Administrators are advised to update the product. This rule will triggers when attacker sending SEND

FROM formatted addres field.

Signature ID: 2217

SMTP SEND FROM sendmail prescan too many addresses overflow

Threat Level: Critical

Industry ID: CVE-2002-1337 Bugtraq: 6991