TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

291

292

293

294

295

296

297

298

299

300

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

292

Signature ID: 2242

SMTP Content-Type overflow attempt vulnerability

Threat Level: Severe

Industry ID: CVE-2003-0113 Bugtraq: 7419

Signature Description: URLMON.DLL is a library used by Microsoft Internet Explorer. Microsoft Internet Explorer

5.01, 5.5 and 6.0 are vulnerable to buffer over flow. A remote attacker could exploit this vulnerability by sending a

long argument to content-type field. A successful exploitation of this attack will allow attacker to execute arbitary

commands. Apply a patch as described in MS03-015.

Signature ID: 2243

SMTP From command overflow attempt

Threat Level: Information

Industry ID: CVE-2004-0400 Bugtraq: 10291 Nessus: 14493,12538

Signature Description: Mail Servers are reportedly prone to a remotely exploitable stack-based buffer overrun

vulnerability.This issue is exposed if header syntax checking has been enabled in the agent and may be triggered by a

malicious e-mail.If this condition were to be exploited, it would result in execution of arbitrary code in the context of

the mail transfer agent. Otherwise, the agent would crash when handling malformed syntax in an e-mail message.Mail

System Versions Exim 4 and before 4.33 are vulnerable to this attack.

Signature ID: 2244

SMTP Mail Transfer Agent MAIL FROM Overflow Attempt Vulnerability

Threat Level: Critical

Industry ID: CVE-2004-0399 Bugtraq: 10290

Signature Description: This rule tries to detect an attempt to overflow the MAIL FROM field in SMTP header.

Applications like Exim version 4.32 is vulnerable to stack-based buffer overflow, caused by improper bounds checking

in the SMTP header. A remote attacker could exploit this vulnerability to overflow a buffer and possibly execute

arbitrary code on the vulnerable system. Upgrade to the latest version of exim(3.35 or later).

Signature ID: 2245

SMTP ReplyTo command overflow vulnerability

Threat Level: Information

Industry ID: CVE-2004-0400 Bugtraq: 10291 Nessus: 14493,12538

Signature Description: This rule tries to detect an attempt to overflow the ReplyTo field in SMTP header. Exim version

4.32 is vulnerable to stack-based buffer overflow, caused by improper bounds checking in the SMTP header. If the

headers_check_syntax setting is enabled in the exim.conf configuration file, which is not the default setting, a remote

attacker could exploit this vulnerability to overflow a buffer and possibly execute arbitrary code on the vulnerable

system. Upgrade to the latest version of exim(3.35 or later) to resolve this issue.

Signature ID: 2246

SMTP Sender command overflow vulnerability

Threat Level: Information

Industry ID: CVE-2004-0400

Bugtraq: 10291 Nessus: 14493,12538

Signature Description: This rule tries to detect an attempt to overflow the SENDER field in SMTP header. Exim

version 4.32 is vulnerable to stack-based buffer overflow, caused by improper bounds checking in the SMTP header. If

the headers_check_syntax setting is enabled in the exim.conf configuration file, which is not the default setting, a

remote attacker could exploit this vulnerability to overflow a buffer and possibly execute arbitrary code on the

vulnerable system. Upgrade to the latest version of exim(3.35 or later) to resolve this issue.