| Attack Name | Description | Severity | Versions |
|---|---|---|---|
| SMTP:OVERFLOW:SENDMAIL-MIME-OF | This signature detects buffer overflow attempts against Sendmail. Sendmail versions 8.8.0 and 8.8.1 are vulnerable. Attackers may embed a maliciously crafted MIME header in an e-mail to overflow a buffer in Sendmail and execute arbitrary commands as root. | critical | sos5.1.0 |
| SMTP:OVERFLOW:SQRLMAIL-HDR-INJ | This signature detects SMTP messages with Base-64 encoded headers. SquirrelMail 1.4.3a and earlier versions do not correctly sanitize SMTP headers. Attackers may send maliciously crafted SMTP messages to execute arbitrary code at the same privilege level as the target (typically user). Note: Systems that typically carry non-English e-mail messages should not include this attack object in their security policy. | medium | sos5.1.0 |
| SMTP:OVERFLOW:TOO-MANY-RCPT | This protocol anomaly is too many 'RCPT TO:' recipients in an SMTP connection. This may indicate a very popular e-mail message or a DoS/buffer overflow attempt. | medium | sos5.0.0, sos5.1.0 |
| SMTP:REQERR:REQ-SYNTAX-ERROR | This protocol anomaly is an unparsed SMTP command line or header line due to a missing ':'. This may indicate a nonstandard e-mail client or server or a backdoor/exploit attempt. | medium | sos5.1.0 |
| SMTP:RESPONSE:PIPE-FAILED | This signature detects SMTP server responses that are generated when an unsuccessful attempt is made to send shell commands via an SMTP e-mail message by exploiting the pipe (\|) passthrough vulnerability in Sendmail. If the '\|' operator was used within specified "mail to" and/or "rcpt to" e-mail addresses to cause Sendmail to reroute data to another program, attackers receive a '550' error message. | high | sos5.1.0 |
| SMTP:SAGTUBE-DOS | This signature detects character strings within an e-mail message that are designed to exploit a vulnerability in SpamAssassin. SpamAssassin Project SpamAssassin 2.63 and earlier are vulnerable. SpamAssassin uses a weighting system to determine when an e-mail message is spam. Attackers may send a maliciously crafted e-mail with a spoofed address to cause SpamAssassin to consider all further e-mail from the spoofed address as spam, regardless of the target's whitelist settings. After the malicious e-mail has been received by the target, SpamAssassin blocks all e-mails from the spoofed address. | medium | sos5.1.0 |
| SMTP:SENDMAIL:ADDR-PRESCAN-ATK | This signature detects attempts to exploit a vulnerability in Sendmail SMTP server versions prior to 8.12.9. Because the prescan() procedure that processes e-mail addresses in SMTP headers does not perform some char and int conversions correctly, attackers may send a maliciously crafted request to corrupt the Address Prescan Memory on a Sendmail SMTP server and execute arbitrary code. | high | sos5.0.0, sos5.1.0 |
| SMTP:SENDMAIL:SENDMAIL-FF-OF | This signature detects attempts to exploit a vulnerability in Sendmail versions 8.12.8 and earlier. Under certain conditions, the Sendmail address parser does not perform sufficient bounds checking when converting char to int. Attackers may use this exploit to gain control of the server. | high | sos5.0.0, sos5.1.0 |
Copyright © 2010, Juniper Networks, Inc.
Appendix E: Log Entries
Contents of NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1