Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 986

Network and Security Manager Administration Guide
SMTP:OVERFLOW:FILENAME
SMTP:OVERFLOW:METAMAIL-HDR-FS2
SMTP:OVERFLOW:METAMAIL-HDR-OF1
SMTP:OVERFLOW:METAMAIL-HDR-OF2
SMTP:OVERFLOW:OUTLOOK-CERT-OF
SMTP:OVERFLOW:REPLY-LINE
SMTP:OVERFLOW:SENDMAIL-CMT-OF1
SMTP:OVERFLOW:SENDMAIL-CMT-OF2
936
This protocol anomaly is an SMTP content-disposition
filename that exceeds the user-defined maximum. The
default number of bytes in a content-disposition filename
is 128.
This signature detects SMTP messages with headers that
contain format string errors. Metamail 2.7 and earlier versions
are vulnerable. Because Metamail does not handle SMTP
headers correctly, attackers may send maliciously crafted
SMTP messages to execute arbitrary code at the same
privilege level as the target (typically user). Note: Systems
that typically carry non-English e-mail messages should not
include this attack object in their security policy.
This signature detects SMTP messages with large headers
that contain character set information. Metamail 2.7 and
earlier versions are vulnerable. Because Metamail does not
handle SMTP headers correctly, attackers may send
maliciously crafted SMTP messages to execute arbitrary
code at the same privilege level as the target (typically a
user). Note: Systems that typically carry non-English e-mail
messages should not include this attack object in their
security policy.
This signature detects SMTP messages with large headers
that contain character set information. Metamail 2.7 and
earlier versions are vulnerable. Because Metamail does not
handle SMTP headers correctly, attackers may send
maliciously crafted SMTP messages to execute arbitrary
code at the same privilege level as the target (typically a
user). Note: Systems that typically carry non-English e-mail
messages should not include this attack object in their
security policy.
This signature detects buffer overflow attempts against
Microsoft Outlook Express, which ships with Internet Explorer
5.5. Attackers may send a maliciously crafted e-mail to a
host; if the host opens the e-mail in Outlook Express,
attackers may execute arbitrary code on the host.
This protocol anomaly is a server reply line in an SMTP
connection that is too long. This may indicate a buffer
overflow attempt by a compromised or malicious SMTP
server.
This signature detects attempts to exploit a vulnerability in
Sendmail. Sendmail versions 5.79 to 8.12.7 are vulnerable.
Attackers may include multiple empty address containers
in an SMTP header field to overflow the SMTP header buffer
and force Sendmail to execute arbitrary code on the host;
attackers may obtain root access.
This signature detects attempts to exploit a vulnerability in
Sendmail. Sendmail versions 5.79 to 8.12.7 are vulnerable.
Attackers may include multiple empty address containers
in an SMTP header field to overflow the SMTP header buffer
and force Sendmail to execute arbitrary code on the host.
high sos5.1.0
high sos5.1.0
high sos5.1.0
high sos5.1.0
high sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
critical sos5.0.0,
sos5.1.0
critical sos5.0.0,
sos5.1.0
Copyright © 2010, Juniper Networks, Inc.