TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 14007
POP3 CAPA Command overflow attempt
Threat Level: Information
Signature Description: This rule triggers on an attempt to exploit a buffer overflow condition in the Post Office
Protocol (POP) using the CAPA command. Successful exploitation may allow remote execution of arbitrary code, leading
to a remote root compromise. The attacker sends a large CAPA command to the POP server, which can crash the server or
let the attacker execute code on the server machine and gain full access to the vulnerable system.
Signature ID: 14008
POP3 TOP Command overflow attempt
Threat Level: Information
Signature Description: This rule triggers on an attempt to exploit a buffer overflow condition in the Post Office
Protocol (POP) using the TOP command. Successful exploitation may allow remote execution of arbitrary code, leading
to a remote root compromise. The attacker sends a large TOP command to the POP server, which can crash the server or
let the attacker execute code on the server machine and gain full access to the vulnerable system.
Signature ID: 14009
POP3 STAT Command overflow attempt
Threat Level: Information
Signature Description: This rule triggers on an attempt to exploit a buffer overflow condition in the Post Office
Protocol (POP) using the STAT command. Successful exploitation may allow remote execution of arbitrary code, leading
to a remote root compromise. The attacker sends a large STAT command to the POP server, which can crash the server or
let the attacker execute code on the server machine and gain full access to the vulnerable system.
Signature ID: 14010
POP3 DELE command overflow attempt
Threat Level: Information
Signature Description: This rule triggers on an attempt to exploit a buffer overflow condition in the Post Office
Protocol (POP) using the DELE command. Successful exploitation may allow remote execution of arbitrary code, leading
to a remote root compromise. The attacker sends a large DELE command to the POP server, which can crash the server or
let the attacker execute code on the server machine and gain full access to the vulnerable system.
Signature ID: 14011
POP3 RSET Command overflow attempt
Threat Level: Information
Signature Description: This rule triggers on an attempt to exploit a buffer overflow condition in the Post Office
Protocol (POP) using the RSET command. Successful exploitation may allow remote execution of arbitrary code, leading
to a remote root compromise. The attacker sends a large RSET command to the POP server, which can crash the server or
let the attacker execute code on the server machine and gain full access to the vulnerable system.
Signature ID: 14012
APOP command overflow vulnerability
Threat Level: Information
Industry ID: CVE-2004-2375
Bugtraq: 9794
Signature Description: The POP server has been reported prone to a remote buffer overflow vulnerability. The issue exists
due to a lack of sufficient boundary checks performed on user-supplied data. A remote attacker may pass excessive data
as an argument for an "APOP" command passed to the affected server. The attacker may exploit this issue to corrupt a