TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 2231
SMTP sendmail 5.5.5 MAIL FROM Parse Vulnerability
Threat Level: Information
Industry ID: CVE-1999-0203 CVE-1999-0163 Bugtraq: 2308 Nessus: 10258
Signature Description: Older versions of sendmail, i.e. those before 8.6.10, fail to process malformed message headers,
leading to remote command execution as root. All versions of sendmail based on 5.x are vulnerable to this attack.
The attacker sends a crafted MAIL FROM message to the server, and the server then executes the command. A successful
attack allows remote execution of commands with root privileges. Upgrade to Sendmail version 8.6.10 or higher.
Signature ID: 2232
SMTP sendmail 5.6.5 MAIL FROM command Vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0203 CVE-1999-0163 Bugtraq: 2308
Signature Description: Older versions of sendmail are vulnerable to a message header parsing vulnerability. Remote
attackers can exploit this by sending a malformed MAIL FROM value such as /usr/bin/tail or /usr/bin/sh alias
/usr/ucb/tail and by placing shell code as the message. The receiving server executes the shell code in the context of
the server, causing remote root compromise. This vulnerability involves sending malformed "mail from" or "rcpt to"
addresses that cause sendmail to inappropriately redirect data to another program. All systems running Sendmail
versions lower than 8.6.10 are vulnerable to this attack.
Signature ID: 2233
SMTP sendmail 8.6.10 exploit via IDENT message with tab character
Threat Level: Critical
Industry ID: CVE-1999-0204 Bugtraq: 2311
Signature Description: Sendmail 8.6.10 allows remote attackers to execute root commands using ident. Sendmail
version 8.6.10 connects back to the ident service to log user information. This version of Sendmail does not validate the
information returned by the client. If the client's response to Sendmail contains a special character such as a tab (\t)
character, sendmail fails to parse the response received. An attacker can exploit this to gain full control of the
affected system. Systems running unpatched versions of Sendmail 8.6.10 or earlier are vulnerable to this attack.
Signature ID: 2234
SMTP sendmail 8.6.9 IDENT remote root command execution attempt
Threat Level: Information
Industry ID: CVE-1999-0204 Bugtraq: 2311
Signature Description: Sendmail 8.6.9 allows remote attackers to execute root commands using ident. Sendmail
version 8.6.9 connects back to the ident service to log user information. This version of Sendmail does not validate the
information returned by the client. If the client's response to Sendmail is longer than expected, the response
overflows the buffer. This condition could allow a remote attacker to execute commands on the host system and gain
privileged access to the system. Eric Allman Sendmail 8.6.9 is vulnerable to this attack. Upgrade to at least version
8.6.10 of sendmail.
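Signatures 2233 and 2234 both describe an ident reply being used without validation (an embedded tab in one case, an over-long reply in the other). The following is an added example, not taken from this guide or from sendmail, of the check a service that logs ident data can apply before using a reply. The length limits are those of RFC 1413; the function name, finding labels and sample replies are constructed for illustration.

```python
import re

MAX_LINE = 1000    # RFC 1413: a client may give up after 1000 octets without EOL
MAX_USERID = 512   # RFC 1413: the user-id field is at most 512 octets

# "<port> , <port>" pair that opens every ident reply
_PORTS = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def check_ident_reply(raw: bytes) -> list[str]:
    """Return findings for one ident reply line; an empty list means it is acceptable."""
    findings = []
    if len(raw) > MAX_LINE:
        findings.append("overlong-reply")          # condition behind signature 2234
    line = raw.rstrip(b"\r\n")
    # Tab and other control bytes must never reach a log line or a parser
    # that splits on whitespace (condition behind signature 2233).
    if any(b < 0x20 or b == 0x7F for b in line):
        findings.append("control-character")
    fields = line.split(b":", 3)
    if len(fields) < 3 or not _PORTS.match(fields[0]):
        findings.append("malformed")
        return findings
    kind = fields[1].strip().upper()
    if kind == b"USERID":
        if len(fields) != 4:
            findings.append("malformed")
        elif not fields[3] or len(fields[3]) > MAX_USERID:
            findings.append("bad-userid-length")
    elif kind != b"ERROR":
        findings.append("malformed")
    return findings


if __name__ == "__main__":
    # Constructed sample replies, not captured traffic.
    samples = [
        b"6193, 23 : USERID : UNIX : stjohns\r\n",
        b"6193, 23 : ERROR : NO-USER\r\n",
        b"6193, 23 : USERID : UNIX : user\tname\r\n",
        b"6193, 23 : USERID : UNIX : " + b"A" * 2000 + b"\r\n",
    ]
    for reply in samples:
        print(reply[:48], check_ident_reply(reply) or "ok")
```

A reply with any finding should be discarded and the connection logged with a fixed placeholder instead of the returned text.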
Signature ID: 2235
SMTP sendmail 8.6.9c IDENT Remote root exploit
Threat Level: Information
Industry ID: CVE-1999-0204 Bugtraq: 2311
Signature Description: Sendmail 8.6.9c allows remote attackers to execute root commands using ident. Sendmail
version 8.6.9c connects back to the ident service to log user information. This version of Sendmail does not validate the