ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

information returned by the client. If the response by the client to Sendmail is longer than expected, the response
overflows the buffer. This condition could allow a remote attacker to execute commands on the host system and gain
privileged access to the system. Eric Allman Sendmail 8.6.9 is vulnerable to this attack. Upgrade to at least version
8.6.10 of sendmail.
Signature ID: 2237
SMTP vrfy decode
Threat Level: Information
Industry ID: CVE-1999-0096 CVE-2004-0763 Bugtraq: 10248
Signature Description: This event is generated when a remote user attempts to scan for a vulnerability in the VRFY
command on internal SMTP servers. A remote attacker can send mail to the decode or uudecode alias that is present on
some systems to create or overwrite files on the remote host. This allows an attacker to gain remote access to the
system.
Signature ID: 2238
SMTP vrfy root
Threat Level: Information
Signature Description: This event is generated when an external attacker uses the "vrfy root" command to find the
login name or mail alias of the system administrator. The VRFY command may be used to check the validity of an
account
Signature ID: 2239
SMTP BCC command overflow vulnerability
Threat Level: Information
Industry ID: CVE-2004-0400 Bugtraq: 10291 Nessus: 14493,12538
Signature Description: This rule tries to detect an attempt to overflow the 'BCC' field in the SMTP header. Exim version
4.32 is vulnerable to a stack-based buffer overflow caused by improper bounds checking in the SMTP header. If the
headers_check_syntax setting is enabled in the exim.conf configuration file, which is not the default setting, a remote
attacker could exploit this vulnerability to overflow a buffer and possibly execute arbitrary code on the vulnerable
system. Upgrade to the latest version of Exim (3.35 or later) to resolve this issue.
Signature ID: 2240
SMTP CC command overflow vulnerability
Threat Level: Information
Industry ID: CVE-2004-0400 Bugtraq: 10291 Nessus: 14493,12538
Signature Description: This rule tries to detect an attempt to overflow the 'CC' field in the SMTP header. Exim version
4.32 is vulnerable to a stack-based buffer overflow caused by improper bounds checking in the SMTP header. If the
headers_check_syntax setting is enabled in the exim.conf configuration file, which is not the default setting, a remote
attacker could exploit this vulnerability to overflow a buffer and possibly execute arbitrary code on the vulnerable
system. Upgrade to the latest version of Exim (3.35 or later) to resolve this issue.
Signature ID: 2241
SMTP Content-Encoding overflow attempt vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0113 Bugtraq: 7419
Signature Description: URLMON.DLL is a library used by Microsoft Internet Explorer. Microsoft Internet Explorer
5.01, 5.5 and 6.0 are vulnerable to a buffer overflow. A remote attacker could exploit this vulnerability by sending a long
argument in the Content-Encoding field. Successful exploitation allows the attacker to execute arbitrary
commands. Apply a patch as described in MS03-015.