TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
293
Signature ID: 2247
SMTP To command overflow vulnerability
Threat Level: Information
Industry ID: CVE-2004-0400
Bugtraq: 10291 Nessus: 14493,12538
Signature Description: This rule tries to detect an attempt to overflow the TO field in SMTP header. Exim version 4.32
is vulnerable to stack-based buffer overflow, caused by improper bounds checking in the SMTP header. If the
headers_check_syntax setting is enabled in the exim.conf configuration file, which is not the default setting, a remote
attacker could exploit this vulnerability to overflow a buffer and possibly execute arbitrary code on the vulnerable
system. Upgrade to the latest version of exim(3.35 or later) to resolve this issue.
Signature ID: 2248
Microsoft SSL PCT buffer overflow vulnerability
Threat Level: Critical
Industry ID: CVE-2003-0719 Bugtraq: 10116 Nessus: 12209
Signature Description: A buffer overrun vulnerability exists in the Private Communications Transport (PCT) protocol,
which is part of the Microsoft Secure Sockets Layer (SSL) library. Only systems that have SSL enabled, and in some
cases Windows 2000 domain controllers, are vulnerable. An attacker who successfully exploited this vulnerability
could take complete control of an affected system.All programs that use SSL could be affected. Although SSL is
generally associated with Internet Information Services by using HTTPS and port 443, any service that implements
SSL on an affected platform is likely to be vulnerable. In this case PCT should work for SMTP (STARTTLS). This
includes but is not limited to, Microsoft Internet Information Services 4.0, Microsoft Internet Information Services 5.0,
Microsoft Internet Information Services 5.1, Microsoft Exchange Server 5.5, Microsoft Exchange Server 2000,
Microsoft Exchange Server 2003, Microsoft Analysis Services 2000 (included with SQL Server 2000), and any third-
party programs that use PCT (MS04-011)
Signature ID: 2249
Microsoft Windows Collaboration Data Objects buffer overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1987 Bugtraq: 15067
Signature Description: Collaboration Data Objects (CDO) is a Component Object Model (COM) component designed
to, among other functions, make it easier to write programs that create or change Internet mail messages. Microsoft
Windows 2000, Windows XP, Windows Server 2003 and Microsoft Exchange 2000 Server could allow a remote
attacker to execute arbitrary code on the system, caused by a buffer overflow in the Collaboration Data Objects (CDO).
This rule will triggers when an attempt is made to send a long argument to from header field.
Signature ID: 2250
Microsoft Windows Collaboration Data Objects buffer overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1987
Bugtraq: 15067
Signature Description: Collaboration Data Objects (CDO) is a Component Object Model (COM) component designed
to, among other functions, make it easier to write programs that create or change Internet mail messages. Microsoft
Windows 2000, Windows XP, Windows Server 2003 and Microsoft Exchange 2000 Server could allow a remote
attacker to execute arbitrary code on the system, caused by a buffer overflow in the Collaboration Data Objects (CDO).
This rule will triggers when an attempt is made to send a long argument to content-type header field.
Signature ID: 2251
Microsoft Exchange Server X-LINK2STATE Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-0560
Bugtraq: 13118