ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 30011
Novell Netmail IMAP Verb Literal Heap Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-6424
Bugtraq: 21725
Signature Description: Novell NetMail is an ISP-grade e-mail package by Novell, Inc. Novell NetMail 3.52 and earlier are vulnerable to a heap-based buffer overflow caused by improper bounds checking in the IMAP service, imapd. The IMAP protocol specifies a method called command continuation that allows the server and client to exchange strings containing end-of-line and space characters without the limitations imposed by the normal parameter-passing methods. By sending a specially crafted command continuation request appended to IMAP verbs, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. Novell has issued an update to correct this vulnerability. Users are advised to install this update.
Signature ID: 30012
Ipswitch IMail IMAP SEARCH Buffer Overflow
Threat Level: Severe
Industry ID: CVE-2007-3925 CVE-2005-3926 CVE-2007-4377 CVE-2005-4267 CVE-2006-0637
Bugtraq: 15980,24962,25318
Signature Description: Ipswitch IMail Server is a proven messaging technology that delivers scalable, standards-based email with innovative, easy-to-use protection from spam and viruses. Ipswitch IMail Server (Ipswitch IMail Server 2006.2 and 2006.21) is vulnerable to a stack-based buffer overflow. By sending a specially crafted IMAP SEARCH command with an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system to crash.
Signature ID: 30013
IMAP Daemon COPY Command Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-4267 CVE-2006-0637
Bugtraq: 15980
Signature Description: This rule triggers when an attempt is made to send a long COPY command to the IMAP server. The COPY command copies the specified message(s) to the end of the specified destination mailbox. By sending a specially crafted COPY request to the IMAP server, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. Qualcomm WorldMail 3.0 is vulnerable to this issue via a long IMAP COPY command that ends with a "}" character. Users are advised to upgrade to Eudora Qualcomm WorldMail version 3.1.
Signature ID: 30014
IMAP Daemon SELECT Command Directory Traversal Attempt
Threat Level: Information
Industry ID: CVE-2005-3189
Bugtraq: 15488
Signature Description: The IMAP protocol supports the use of multiple folders and contains commands that allow users to specify particular paths. Qualcomm Eudora WorldMail Server version 3.0, and possibly other versions, could allow a remote attacker with a valid email account on the server to traverse directories on the IMAP server by using a SELECT command containing "dot dot" sequences (/../). Successful exploitation could allow an attacker to gain access to files owned by other users of the application. Attackers may also be able to affect system stability through the ability to move arbitrary folders on the affected system. Users are advised to upgrade to Eudora Qualcomm WorldMail version 3.1.
Signature ID: 30015
Microsoft SQL Server Resolution Service Stack Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0649
Bugtraq: 5311