TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature Description: Sendmail is a Mail Transfer Agent, the program that moves mail from one machine to
another. Sendmail implements a general internetwork mail routing facility, featuring aliasing and forwarding, automatic
routing to network gateways, and flexible configuration. Sendmail 5.2 to 8.12.7 are vulnerable to a buffer overflow in
the SMTP header parsing component, caused by improper bounds checking of user-supplied data. Successful
exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system. This vulnerability
is fixed in Sendmail 8.12.9. Administrators are advised to update the product. This rule triggers when an attacker
sends a SEND FROM formatted address field.
Signature ID: 2218
SMTP SOML FROM sendmail prescan too long addresses overflow
Threat Level: Critical
Industry ID: CVE-2003-0161 Bugtraq: 7230
Signature Description: Sendmail is a Mail Transfer Agent, the program that moves mail from one machine to
another. Sendmail implements a general internetwork mail routing facility, featuring aliasing and forwarding, automatic
routing to network gateways, and flexible configuration. Sendmail 5.2 to 8.12.7 are vulnerable to a buffer overflow in
the SMTP header parsing component, caused by certain conversions from char and int types. Successful exploitation
of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system. This vulnerability is fixed in
Sendmail 8.12.9. Administrators are advised to update the product. This rule triggers when an attacker sends a SOML
FROM formatted address field.
Signature ID: 2219
SMTP SOML FROM sendmail prescan too many addresses overflow
Threat Level: Critical
Industry ID: CVE-2002-1337 Bugtraq: 6991
Signature Description: Sendmail is a Mail Transfer Agent, the program that moves mail from one machine to
another. Sendmail implements a general internetwork mail routing facility, featuring aliasing and forwarding, automatic
routing to network gateways, and flexible configuration. Sendmail 5.2 to 8.12.7 are vulnerable to a buffer overflow in
the SMTP header parsing component, caused by improper bounds checking of user-supplied data. Successful
exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system. This vulnerability
is fixed in Sendmail 8.12.9. Administrators are advised to update the product. This rule triggers when an attacker
sends a SOML FROM formatted address field.
Signature ID: 2220
SMTP VRFY overflow vulnerability
Threat Level: Critical
Industry ID: CVE-2003-0161
Signature Description: Simple Mail Transfer Protocol (SMTP) is a TCP/IP protocol used in sending and receiving e-mail. A
remotely exploitable buffer overflow vulnerability affects the SMTP server. The problem lies in the code that handles the
'VRFY' command. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the
vulnerable system. This rule triggers when an attacker sends an overly long argument to the 'VRFY' command.
Signature ID: 2221
SMTP WinZip MIME content-disposition buffer overflow
Threat Level: Information
Industry ID: CVE-2004-0333 Bugtraq: 9758 Nessus: 12621
Signature Description: A buffer overflow error exists in the way that WinZip handles certain parameters of MIME
archives. This error results in a vulnerability when WinZip attempts to interpret invalid data in a MIME-encoded file. An
attacker could exploit this vulnerability by introducing a specially-crafted file to be opened by WinZip, and then
coaxing or tricking a user or application into opening it. The malicious file could be introduced in a number of ways