TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature Description: SMTP extended verbs are an addition of new functionality to the SMTP protocol. Microsoft
Exchange uses one such extended verb "X-LINK2STATE" to communicate routing and other Exchange-specific
information among Exchange servers in an Exchange environment. A buffer overflow error exists in the
SvrAppendReceivedChunk() function of the xlsasink.dll library of Microsoft Exchange Server. In this function, the
data received in an X-LINK2STATE command is not sufficiently validated before being copied into a buffer.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of
service.
Signature ID: 2996
SMTP command with command length exceeding 512 bytes detected.
Threat Level: Information
Industry ID: CVE-2000-0042 CVE-2000-0452 CVE-1999-0284 CVE-1999-0098 CVE-1999-1516 CVE-1999-0261 CVE-1999-0231 CVE-2005-0560
Nessus: 10047,10050,10435,10419,10256,10260,10284,10324,10042,10353,10136,10162,10254,10438
Signature Description: SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used to transfer e-mail
messages between computers. Most e-mail systems that send mail over the Internet use SMTP to send messages
from one server to another. This rule triggers when the length of an SMTP command exceeds 512 bytes. Successful
exploitation will cause the server to crash.
Signature ID: 2997
Smtp Header Length exceeding configured maximum limit
Threat Level: Information
Signature Description: SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used to transfer e-mail
messages between computers. Most e-mail systems that send mail over the Internet use SMTP to send messages
from one server to another. This rule triggers when the header length exceeds the configured maximum limit.
Successful exploitation will cause the server to crash.
Signature ID: 2998
Smtp Mime Header exceeding configured maximum limit
Threat Level: Information
Signature Description: SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used to transfer e-mail
messages between computers. Most e-mail systems that send mail over the Internet use SMTP to send messages from
one server to another. This rule triggers when the MIME header length exceeds the configured maximum limit.
Successful exploitation will cause the server to crash.
Signature ID: 2999
Smtp Data has more than maximum configured number of Boundarys.
Threat Level: Information
Signature Description: SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used to transfer e-mail
messages between computers. Most e-mail systems that send mail over the Internet use SMTP to send messages from
one server to another. This rule triggers when the SMTP data contains more than the maximum configured number of
boundaries. Successful exploitation will cause the server to crash.
Signature ID: 3001
NetSphere presence detection
Threat Level: Severe
Industry ID: CVE-1999-0660
Nessus: 10005,10024,10152,10151,10409,10053,10270,10501,10288,10307,10350,10920,10921
Signature Description: Trojan horses are malicious programs that a hacker usually binds with some other