Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 974

Network and Security Manager Administration Guide

| Name | Description | Severity | Versions |
|---|---|---|---|
| SMTP:IIS:IIS-ENCAPS-RELAY | This signature detects attempts to exploit a vulnerability in the Microsoft SMTP Service in Microsoft IIS. Versions 4.0 and 5.0 are vulnerable. A maliciously crafted 'rcpt to:' command can circumvent e-mail relaying rules. Attackers may impersonate trusted e-mails or send spam anonymously. | medium | sos5.0.0, sos5.1.0 |
| SMTP:INVALID:2MANY-BOUNDARY | This protocol anomaly is an SMTP boundary depth that exceeds the user-defined maximum. The boundary depth indicates the number of nested attachments in a MIME multipart message. The default boundary depth is 4. | medium | sos5.1.0 |
| SMTP:INVALID:BASE64-CHAR | This protocol anomaly is an SMTP message with base64 encoding that contains an invalid character. | high | sos5.1.0 |
| SMTP:INVALID:BOUNDARY-MISS | This protocol anomaly is an SMTP message with a content-type multipart that has no boundary parameter. The boundary parameter specifies a text string that is used to delimit the parts of the multipart message. | medium | sos5.1.0 |
| SMTP:INVALID:DUP_AUTH | This protocol anomaly is multiple AUTH commands within a single SMTP transaction. | medium | sos5.1.0 |
| SMTP:INVALID:DUP-BOUNDARY | This protocol anomaly is an SMTP message with a MIME multipart content-type that uses duplicate boundaries. | high | sos5.1.0 |
| SMTP:INVALID:UNFIN-MULTIPART | This protocol anomaly is an SMTP message with a MIME multipart boundary that exceeds actual multipart data (all data is processed but unfinished boundary delimiters exist). | high | sos5.1.0 |
| SMTP:MAJORDOMO:COMMAND-EXEC | This signature detects attempts to send shell commands via an SMTP e-mail message by exploiting the back-tick (`) vulnerability in Great Circle Associates Majordomo, a Perl-based Internet e-mail list server. When processing a list command, Majordomo compares the "reply to" e-mail address against the advertise/noadvertise lists (if configured). During this comparison, Majordomo may be tricked into executing commands when it expands the back-tick operator (used by UNIX to enclose executable commands in a shell command line). Attackers may use the back-tick operator in the "reply to" e-mail header to execute arbitrary commands on the server. | high | sos5.0.0, sos5.1.0 |
| SMTP:MAL:ACROBAT-UUEXEC | This signature detects a maliciously crafted PDF file attached to an e-mail. Attackers may insert certain shell metacharacters at the beginning of a uuencoded PDF file to force Adobe Acrobat to execute arbitrary commands upon loading the file. | high | sos5.1.0 |
| SMTP:MAL:EMAIL-URL-HIDING-ENC | This signature detects attempts to exploit a vulnerability in Microsoft Outlook Express. Attackers may embed binary control characters in a URL that is included in an e-mail; when the URL is viewed, these control characters prevent Outlook Express and Internet Explorer from displaying the complete URL, which may have malicious content. | high | sos5.1.0 |

Copyright © 2010, Juniper Networks, Inc.
