Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 952

Network and Security Manager Administration Guide
SMTP:EMAIL:RCPT-TO-DECODE
SMTP:EMAIL:RCPT-TO-PIPE
SMTP:EMAIL:REPLY-TO-PIPE
SMTP:EXCHANGE:DOS
SMTP:EXCHANGE:INV_BDAT_CMD
SMTP:EXCHANGE:INV_BDAT_SEC_LEN
SMTP:EXCHANGE:MAL-VERB-XEXCH50
SMTP:EXPLOIT:EUDORA-URL-SPOOF
SMTP:EXPLOIT:HCP-QUOTE-SCRIPT
902
This signature detects attempts to send shell commands
via an SMTP e-mail message by exploiting the "decode"
e-mail alias vulnerability. Attackers may use the invalid 'rcpt
to decode' as the "rcpt to" e-mail address to cause Sendmail
to reroute data to the program uudecode. Attackers may
then send uuencoded data to overwrite files or place an
arbitrary .rhosts files onto the system.
This signature detects attempts to send shell commands
via an SMTP e-mail message by exploiting the pipe
passthrough vulnerability. Attackers may use the invalid 'rcpt
to |' as the "rcpt to" e-mail address to cause Sendmail to
reroute data to another program. Some STMP servers have
been shown to use the '|' character legitimately.
This signature detects attempts to send shell commands
via an SMTP e-mail message by exploiting the pipe
passthrough vulnerability. Attackers may use the invalid
'reply to |' as the "reply to" e-mail address to cause Sendmail
to reroute data to another program. This may also be
legitimate traffic from several types of SMTP servers.
This signature detects denial-of-service (DoS) attempts
that exploit a MIME header vulnerability in Microsoft
Exchange Server 5.5. Attackers may send an e-mail message
with an empty charset value ("") in the MIME header to cause
a denial-of-service (DoS).
This protocol anomaly is a BDAT command that is not
chunk-size.
This protocol anomaly is a BDAT with a chunk-size larger
than 0x7fffffff.
This signature detects attempts to exploit a vulnerability in
Microsoft Exchange Server 5.5 and 2000. The command
verb "Xexch50", which is valid only for communication
between validated Exchange servers, is handled incorrectly.
Attackers may send the command verb with a negative
number or a very large positive number to crash the Exchange
server, and, in extreme cases with Exchange Server 2000,
may also take control of the server.
This signature detects attempts to exploit a vulnerability in
the Eudora mail client. By supplying a link containing
character entities, an attacker can force Eudora to display
a link as something other than what it really is.
This signature detects attempts to exploit a vulnerability in
URL handling with the Microsoft Help and Support Center
(HSC) when invoked with an hcp:// URL. By embedding a
quote (") character in the URL, HSC can be instructed to
load an arbitrary local file or remote web page, which can
then be used to execute scripts in the local zone.
high sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
medium sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
high sos5.1.0
high sos5.1.0
critical sos5.1.0
low sos5.1.0
high sos5.1.0
Copyright © 2010, Juniper Networks, Inc.