ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 11014
IMAP auth overflow attempt
Threat Level: Severe
Industry ID: CVE-1999-0005 Bugtraq: 8861,130
Signature Description: A remote user sends an overly long string to an IMAP server via the AUTH command. This
may indicate an attempt to exploit a buffer overflow condition. A successful attempt may cause the IMAP service to crash or
allow the attacker to gain access to the affected server.
Signature ID: 11015
IMAP authenticate literal overflow vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0042 CVE-1999-0005 Bugtraq: 130 Nessus: 10292,10125
Signature Description: A vulnerability exists in certain imapd implementations that allows an attacker to execute
arbitrary code remotely. In certain instances, the code will be executed with root privilege. IMAP supports an
'AUTHENTICATE' command, which specifies the type of authentication mechanism to be used to open a mailbox.
Successful exploitation of this attack will allow an attacker to execute arbitrary code on the vulnerable system. This rule
triggers when an attacker sends an overly long argument to the AUTHENTICATE command.
Signature ID: 11016
IMAP find overflow attempt
Threat Level: Severe
Industry ID: CVE-2000-0284 Bugtraq: 1110 Nessus: 10374,10625
Signature Description: A buffer overflow exists in imapd. The vulnerability exists in the FIND command. By
supplying a long, well-crafted string as the second argument to the FIND command, it becomes possible to execute
code on the machine. Executing the FIND command requires an account on the machine. In addition, privileges have
been dropped in imapd prior to the location of the buffer overrun. As such, this vulnerability would only be useful in a
scenario where a user has an account, but no shell-level access. This would allow them to gain shell access.
Signature ID: 11017
IMAP list literal overflow attempt
Threat Level: Information
Industry ID: CVE-2000-0284 Bugtraq: 1110 Nessus: 10374,10625
Signature Description: A stack-based buffer overflow exists in imapd. The vulnerability exists in the LIST command.
By sending a long string ending with a '}' character as the second argument to the LIST command, it becomes possible
to execute code on the machine or overflow the buffer. Executing the LIST command requires an account on the
machine. This is a pre-authentication vulnerability. To exploit this vulnerability, an attacker would need to be able
to connect to the e-mail server, and the IMAP module would have to be enabled (default). This would allow them to gain
shell access.
Signature ID: 11018
IMAP list overflow attempt
Threat Level: Severe
Industry ID: CVE-2000-0284 CVE-2005-4267 CVE-2004-1546 Bugtraq: 1110,15980,11238 Nessus: 10374,10625
Signature Description: A buffer overflow exists in imapd. University of Washington imapd version 12.264 is
vulnerable to a remote buffer overflow. By supplying a long, well-crafted string as the second argument to
the LIST command, it becomes possible to execute code on the machine remotely. Executing the LIST command
requires an account on the machine. In addition, privileges have been dropped in imapd prior to the location of the