ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Signature ID: 11032
IMAP delete command buffer overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2004-1520 Bugtraq: 11675
Signature Description: The IMAP DELETE command permanently removes the mailbox with the given name. It takes
as its argument the name of the mailbox to be deleted from the server. This rule triggers when an attempt is made to
exploit a buffer overflow in an IMAP product by using the DELETE command. In this case, a DELETE
command with an argument length exceeding 100 bytes causes this rule to hit. Products like Ipswitch IMail 8.13 are
vulnerable to this type of attack. No remedy available as of July 6, 2008.
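The length check described for signature 11032, as an added example (not the TMS zl module's own rule logic). The 100-byte limit comes from the description above; treating a declared IMAP literal size ({n}) as the argument length, the function names and the sample lines are assumptions made for illustration.

```python
import re

MAX_ARG_BYTES = 100  # threshold stated in the signature description

# tag SP "DELETE" SP argument (IMAP command names are case-insensitive)
_DELETE = re.compile(rb"^(\S+) +DELETE +(.*)$", re.IGNORECASE)
# Literal form: the argument is announced as {n} or {n+} and sent afterwards
_LITERAL = re.compile(rb"^\{(\d+)\+?\}$")


def delete_arg_length(line: bytes):
    """Return the mailbox-argument length in bytes of an IMAP DELETE
    command line, or None if the line is not a DELETE command."""
    m = _DELETE.match(line.rstrip(b"\r\n"))
    if m is None:
        return None
    arg = m.group(2).strip()
    lit = _LITERAL.match(arg)
    if lit:
        # Assumption: the declared literal size counts as the argument length.
        return int(lit.group(1))
    if len(arg) >= 2 and arg.startswith(b'"') and arg.endswith(b'"'):
        arg = arg[1:-1]  # quoted string: do not count the quotes
    return len(arg)


def oversized_deletes(lines, limit=MAX_ARG_BYTES):
    """Return (line_number, arg_length) for each DELETE over the limit."""
    hits = []
    for n, line in enumerate(lines, 1):
        length = delete_arg_length(line)
        if length is not None and length > limit:
            hits.append((n, length))
    return hits


# Constructed sample client-to-server lines (not captured traffic).
SAMPLE = [
    b"a1 NOOP\r\n",
    b"a2 DELETE Archive/2007\r\n",
    b"a3 delete " + b"A" * 101 + b"\r\n",
    b'a4 DELETE "' + b"B" * 100 + b'"\r\n',
    b"a5 DELETE {512}\r\n",
    b"a6 EXAMINE INBOX\r\n",
]

if __name__ == "__main__":
    for n, length in oversized_deletes(SAMPLE):
        print(f"line {n}: DELETE argument is {length} bytes (limit {MAX_ARG_BYTES})")
```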
Signature ID: 11033
IMAP examine literal overflow attempt
Threat Level: Information
Industry ID: CVE-2004-1211 Bugtraq: 11775
Signature Description: A buffer overflow exists in imapd. The vulnerability exists in the EXAMINE command. By
supplying a long, well-crafted string as the second argument to the EXAMINE command, it becomes possible to
execute code on the machine. Executing the EXAMINE command requires an account on the machine. In addition,
privileges have been dropped in imapd prior to the location of the buffer overrun. As such, this vulnerability would
only be useful in a scenario where a user has an account, but no shell level access. This would allow them to gain shell
access.
Signature ID: 11034
IMAP examine overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2004-1211 Bugtraq: 11775
Signature Description: A buffer overflow exists in imapd. The vulnerability exists in the EXAMINE command. By
Mercury is a free, standards-based mail server solution, providing comprehensive, fast server support for all major
Internet e-mail protocols. It is supplied in two versions, one hosted on Windows systems, the other running as a set of
NLMs on Novell NetWare file servers. Mercury/32 version 4.01a is vulnerable to a buffer overflow, caused by
improper bounds checking of user-supplied data. A successful exploitation of this issue will allow an attacker to execute
arbitrary code on the vulnerable system. The vulnerability is fixed in Mercury/32 version 4.01b. Administrators are
advised to update the product. This rule triggers when a long argument is sent to the EXAMINE command.
Signature ID: 11035
IMAP fetch overflow attempt
Threat Level: Severe
Industry ID: CVE-2004-1211 Bugtraq: 11775
Signature Description: A buffer overflow exists in imapd. The vulnerability exists in the FETCH command. By
supplying a long, well-crafted string as the second argument to the FETCH command, it becomes possible to execute
code on the machine. Executing the FETCH command requires an account on the machine. In addition, privileges have
been dropped in imapd prior to the location of the buffer overrun. As such, this vulnerability would only be useful in a
scenario where a user has an account, but no shell level access. This would allow them to gain shell access. The IMAP
service in Mercury/32 4.01a is vulnerable to this attack.
Signature ID: 11036
IMAP login format string attempt
Threat Level: Severe
Industry ID: CVE-2004-0777 Bugtraq: 10976 Nessus: 14342,12103