TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
including, but not limited to, a remote web page, an email attachment, peer-to-peer file sharing, or network
filesystems. WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages are vulnerable to this attack.
Signature ID: 2222
SMTP WinZip MIME content-type buffer overflow
Threat Level: Critical
Industry ID: CVE-2004-0333 Bugtraq: 9758 Nessus: 12621
Signature Description: A buffer overflow error exists in the way that WinZip handles certain parameters of MIME
archives. This error results in a vulnerability when WinZip attempts to interpret invalid data in a MIME-encoded file. An
attacker could exploit this vulnerability by introducing a specially crafted file to be opened by WinZip, and then
coaxing or tricking a user or application into opening it. The malicious file could be introduced in a number of ways
including, but not limited to, a remote web page, an email attachment, peer-to-peer file sharing, or network
filesystems. WinZip 6.x, 7.x, 8.0, 8.1 SR-1, 8.1, and WinZip 9.0 beta versions are vulnerable to this attack.
Signature ID: 2223
Microsoft Exchange Server Extended Verb XEXCH50 Request Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0714 Bugtraq: 8838 Nessus: 11889
Signature Description: Microsoft Exchange is a popular collaboration product which includes extensive support for
electronic mail, including support for SMTP. SMTP is a standard protocol for exchanging electronic mail over the
Internet. Exchange uses SMTP to communicate special handling instructions from one Exchange server to another
through the use of SMTP extended verbs. Exchange fails to process the XEXCH50 command correctly. Exchange 5.5 and
Exchange 2000 are vulnerable. Successful exploitation allows an attacker to execute arbitrary
commands with user privileges. This rule triggers when an attempt is made to exploit this vulnerability. Apply a
patch as described in Microsoft Security Bulletin MS03-046.
Signature ID: 2224
NetManage Chameleon SMTP Buffer Overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-1999-0261 Bugtraq: 2387
Signature Description: Chameleon is a suite of Internet services offered by NetManage. NetManage Chameleon 4.5
and NetManage Chameleon Unix 97 contain a buffer overflow vulnerability that may be remotely exploitable.
This vulnerability is in the argument to the HELP command. Successful exploitation allows an attacker to execute
arbitrary commands with user privileges. This rule triggers when an attempt is made to exploit this vulnerability.
Signature ID: 2225
SMTP Server Scanning with Cybercop using EHLO Command
Threat Level: Information
Industry ID: CVE-1999-0531 Nessus: 10249
Signature Description: Cybercop Scanner is scanning software that searches for system vulnerabilities. It sends an
EHLO command to SMTP server ports to determine if the SMTP server will return a list of remote commands that it
accepts. The attacker then issues vulnerable and accepted commands to the SMTP server.
Signature ID: 2226
SMTP exchange mime DOS
Threat Level: Information
Industry ID: CVE-2000-1006 Bugtraq: 1869 Nessus: 10558
Signature Description: Microsoft Exchange Server 5.0 and 5.5 are unable to process emails that contain malformed
MIME headers with an empty value for charset. In the event that Exchange Server receives an email with an invalid