Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual page 975

Appendix E: Log Entries

| Attack Name | Description | Severity | Version |
|---|---|---|---|
| SMB:ERROR:MAL-MSG | This protocol anomaly is a malformed SMB message in which the wcount field is larger than the message size. | high | sos5.1.0 |
| SMB:EXPLOIT:ACCOUNT-NAME-OF | This signature detects attempts to overflow the SMB Account Name. ISS BlackICE, Proventia, and RealSecure products are vulnerable to this buffer overflow. A successful attack could give an attacker complete control of these systems. | critical | sos5.1.0 |
| SMB:EXPLOIT:DOT-JOB | This signature detects a Microsoft Task Scheduler (.job) file being copied over an SMB network share. Microsoft Windows XP Service Pack 1 and Microsoft Windows 2000 Service Pack 2 and earlier are vulnerable. Attackers may open a malicious .job file in Task Scheduler to execute arbitrary code and compromise the system. | medium | sos5.1.0 |
| SMB:EXPLOIT:LANMAN-NUKE | This protocol anomaly is a LANMAN request (NetServerEnum, NetServerEnum2, or NetShareEnum) over a named pipe transaction where the max-param-count and/or the max-data-count of the Transaction header is zero. Attackers can use this malformed request to crash an unpatched Microsoft NT, 2000, or XP server. | critical | sos5.1.0 |
| SMB:EXPLOIT:LINUX-TRANS2-OF | This signature detects attempts to exploit a vulnerability in the Server Message Block File System (SMBFS) implemented in the Linux kernel. Kernels 2.4 and 2.6 are vulnerable. Attackers may gain root access on the target host. | high | sos5.1.0 |
| SMB:EXPLOIT:NULL-FILENAME | This protocol anomaly is an empty Filename field in the Delete, Rename, Move or Copy SMBs. | medium | sos5.1.0 |
| SMB:EXPLOIT:NULL-PATH | This protocol anomaly is an empty Path field in the Tree Connect SMB. This may be a misbehaving client or an attempt to exploit vulnerabilities in the SMB server. | medium | sos5.1.0 |
| SMB:EXPLOIT:NULL-SERVICE | This protocol anomaly is an empty Service field in the Tree Connect SMB. This may be a misbehaving client or an attempt to exploit vulnerabilities in the SMB server. | medium | sos5.1.0 |
| SMB:EXPLOIT:REGISTRY-DOS | DI has detected a suspiciously large registry key in the OpenKey function executed using a named-pipe transaction. Large key sizes in the OpenKey function can cause the winlogon.exe process in Windows NT 4.0 to crash. | critical | sos5.1.0 |
| SMB:EXPLOIT:SAMBA-DIR-TRAV | This signature detects SMB requests for pathnames that attempt to traverse the server root. Samba 3.0.5 and earlier versions are vulnerable. Malicious users can send "get", "put", and "dir" commands to a Samba server to access files outside the shared directories. | medium | sos5.1.0 |
| SMB:EXPLOIT:WINBLAST-DOS | Microsoft Windows Samba File Sharing Resource Exhaustion Vulnerability | medium | sos5.1.0 |

Copyright © 2010, Juniper Networks, Inc.