Update Details

Update #2913 (06/06/2017)

9 new signatures:

HIGH	HTTP:CHUNKED-HDR-SERVER-CHUNKED	HTTP: Chunked Header and HTTP2.0. Served chunked
MEDIUM	HTTP:STC:HTTP-EVADER-FOO	HTTP: Evader Content-Encodingfoo Detected
HIGH	APP:HPE-INTEL-MAN-RMI-ID	APP: HPE Intelligent Management Center RMI Registry Insecure Deserialization
HIGH	HTTP:EMPTY-TRANSFER-ENCODING	HTTP: Empty Transfer Encoding
HIGH	HTTP:PHP:PHPMAILER-RCE	HTTP: PHPMailer Mail escapeshellarg Command Injection
MEDIUM	SSL:HPE-NETWORK-AUTO-RED-SQLI	SSL: HPE Network Automation RedirectServlet SQL Injection
HIGH	VOIP:ASTERISK-SCCP-DOS	VOIP: Digium Asterisk chan_skinny SCCP packet Denial of Service
HIGH	IMAP:OVERFLOW:IBM-DOMINO-OF	IMAP: IBM Domino IMAP Mailbox Name Stack Buffer Overflow
HIGH	HTTP:STC:EVADOR-TRANSFER-ENCD	HTTP: Evader transfer-encoding evasion attack detection

7 updated signatures:

HIGH	NETBIOS:OVERFLOW:MAILSLOT	NETBIOS: Mailslot Overflow
HIGH	SHELLCODE:PREPENDENCODER-HTTP-2	SHELLCODE: Prepend Encoder Routine Detection Over HTTP (2)
CRITICAL	SMB:EXPLOIT:SMB1-CHAINING-MC	SMB: Samba SMB1 Packets Chaining Memory Corruption
HIGH	SMB:MS-RAP-STACK-OV	SMB: Microsoft Remote Administration Protocol Stack Overflow
HIGH	SMB:SAMBA:NMBD-BO	SMB: Samba nmbd Buffer Overflow
HIGH	HTTP:STC:IE:CVE-2017-0130-AV	HTTP: Microsoft Internet Explorer CVE-2017-0130 Access Violation
CRITICAL	SMB:TRANSACTION-RESPONSE-OF	SMB: Microsoft Windows SMB Client Transaction Response Buffer Overflow

Details of the signatures included within this bulletin:

NETBIOS:OVERFLOW:MAILSLOT - NETBIOS: Mailslot Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Samba. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2007-6015
bugtraq: 26791
url: http://www.samba.org/samba/security/CVE-2007-6015.html

Affected Products:

Apple Mac OS X 10.5.1
Apple Mac OS X Server 10.5
VMWare ESX Server 3.0.1
Avaya Messaging Storage Server 1.0
Avaya Messaging Storage Server 2.0
SuSE Linux Personal 10.1
SuSE Linux Professional 10.1
Avaya Messaging Storage Server
Avaya Message Networking
Sun Solaris 10 Sparc
Red Hat Enterprise Linux Desktop 5 Client
Ubuntu Ubuntu Linux 6.06 LTS Powerpc
Ubuntu Ubuntu Linux 6.06 LTS I386
Ubuntu Ubuntu Linux 6.06 LTS Amd64
SuSE Novell Linux POS 9
Red Hat Enterprise Linux ES 3
Slackware Linux 10.2.0
Samba 2.2.0 A
Samba 3.0.23B
Samba 3.0.23A
SuSE UnitedLinux 1.0.0
SuSE SuSE Linux School Server for i386
Red Hat Desktop 3.0.0
Ubuntu Ubuntu Linux 6.10 Amd64
Ubuntu Ubuntu Linux 6.10 I386
Ubuntu Ubuntu Linux 6.10 Powerpc
Gentoo Linux
Samba 2.2.6
Samba 2.2.7
Samba 2.2.3
Samba 2.2.2
SuSE openSUSE 10.3
Apple Mac OS X 10.5
Red Hat Desktop 4.0.0
SuSE SUSE Linux Enterprise Server 8
Samba 2.2.12
Samba 3.0.11
Samba 3.0.12
Samba 3.0.13
HP HP-UX B.11.31
Samba 3.0.14A
Samba 3.0.20
Samba 3.0.20A
Samba 3.0.20B
Mandriva Corporate Server 4.0.0 X86 64
Samba 3.0.21A
Slackware Linux 10.1.0
Samba 3.0.21C
Samba 3.0.22
Red Hat Enterprise Linux WS 2.1 IA64
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux ES 2.1 IA64
Sun Solaris 9 Sparc
Avaya Interactive Response 2.0
Samba 3.0.21
Samba 2.2.9
Samba 3.0.21B
Samba 3.0.25
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2008.0 X86 64
Red Hat Fedora 7
Ubuntu Ubuntu Linux 7.10 I386
Ubuntu Ubuntu Linux 7.10 Powerpc
Avaya Intuity AUDIX LX 2.0
Samba 3.0.10
Red Hat Enterprise Linux AS 2.1
Red Hat Enterprise Linux ES 2.1
Red Hat Enterprise Linux WS 2.1
Debian Linux 3.1.0 Alpha
Debian Linux 3.1.0 Arm
Debian Linux 3.1.0 Hppa
Samba 2.0.10
Samba 2.2.0 .0A
Debian Linux 3.1.0 M68k
Debian Linux 3.1.0 Mips
Debian Linux 3.1.0 Mipsel
Debian Linux 3.1.0 Ppc
Debian Linux 3.1.0 S/390
Debian Linux 3.1.0 Sparc
VMWare ESX Server 3.0.2
Mandriva Linux Mandrake 2007.1
Mandriva Linux Mandrake 2007.1 X86 64
Samba 2.0.7
Samba 3.0.0 Alpha
Samba 2.0.9
Samba 3.0.25 Rc1
Samba 3.0.25 Rc2
Samba 3.0.25 Rc3
Avaya Message Networking 3.1
SuSE Linux Desktop 1.0.0
Samba 3.0.25 Pre1
Samba 3.0.25 Pre2
Mandriva Linux Mandrake 2007.0 X86 64
Ubuntu Ubuntu Linux 7.10 Sparc
Red Hat Enterprise Linux AS 3
Sun Solaris 10 X86
Red Hat Enterprise Linux WS 3
Samba 2.0.6
Samba 3.0.0
Samba 3.0.1
Samba 3.0.2
rPath rPath Linux 1
Samba 2.2.8 A
Avaya Interactive Response 3.0
Debian Linux 3.1.0 Amd64
HP HP-UX B.11.11
SuSE SuSE Linux Openexchange Server 4.0.0
SuSE SUSE LINUX Retail Solution 8.0.0
SuSE SuSE Linux Standard Server 8.0.0
Mandriva Corporate Server 4.0
Mandriva Linux Mandrake 2007.0
Debian Linux 3.1.0 Ia-32
Mandriva Corporate Server 3.0.0
Red Hat Enterprise Linux 5 Server
Debian Linux 3.1.0 Ia-64
Slackware Linux 12.0
Samba 2.2.0 .0
Ubuntu Ubuntu Linux 7.04 Amd64
Samba 3.0.2 A
Ubuntu Ubuntu Linux 7.04 Powerpc
Ubuntu Ubuntu Linux 7.04 Sparc
Samba 3.0.23D
SuSE Novell Linux Desktop 9.0.0
HP HP-UX B.11.23
Red Hat Fedora 8
Samba 2.2.11
SuSE openSUSE 10.2
Apple Mac OS X Server 10.5.1
Samba 3.0.14
Ubuntu Ubuntu Linux 7.10 Amd64
Debian Linux 4.0 Alpha
Debian Linux 4.0 Amd64
Debian Linux 4.0 Arm
Debian Linux 4.0 Hppa
Debian Linux 4.0 Ia-32
Debian Linux 4.0 Ia-64
Debian Linux 4.0 M68k
Debian Linux 4.0 Mips
Debian Linux 4.0 Mipsel
Debian Linux 4.0 Powerpc
Debian Linux 4.0 S/390
Debian Linux 4.0 Sparc
Debian Linux 4.0
Red Hat Advanced Workstation for the Itanium Processor 2.1.0
Red Hat Enterprise Linux AS 4.5.Z
Red Hat Enterprise Linux ES 4.5.Z
Apple Mac OS X 10.4.11
Avaya Messaging Storage Server MM3.0
HP CIFS Server A.02.01
HP CIFS Server A.02.02
HP CIFS Server A.2.03
Samba 2.2.7 A
Samba 2.0.8
Samba 2.0.0 .0
Samba 2.0.1
Samba 2.0.2
Samba 2.0.3
Samba 3.0.27A
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux WS 4
Debian Linux 3.1.0
Samba 3.0.25B
Samba 3.0.25C
Samba 3.0.26
SuSE SUSE Linux Enterprise Server 9
Samba 2.2.3 A
Avaya Message Networking MN 3.1
Samba 2.2.8
Slackware Linux 11.0
Ubuntu Ubuntu Linux 7.04 I386
Sun Solaris 9 X86
Samba 2.0.5
Samba 2.0.4
Ubuntu Ubuntu Linux 6.06 LTS Sparc
SuSE SUSE Linux Enterprise SDK 10.SP1
SuSE SUSE Linux Enterprise Desktop 10 SP1
SuSE SUSE Linux Enterprise Server 10 SP1
Mandriva Corporate Server 3.0.0 X86 64
VMWare ESX Server 2.5.4 Patch 15
VMWare ESX Server 2.5.5 Patch 4
Red Hat Enterprise Linux AS 4
Samba 2.2.4
Samba 2.2.5
Samba 2.2.1 A
Samba 3.0.24
Slackware Linux 10.0.0
Samba 3.0.23C
Apple Mac OS X Server 10.4.11
Avaya Messaging Storage Server 3.1
Samba 3.0.25A
Samba 3.0.26A
Ubuntu Ubuntu Linux 6.10 Sparc
Samba 3.0.27

HTTP:CHUNKED-HDR-SERVER-CHUNKED - HTTP: Chunked Header and HTTP2.0. Served chunked

Severity: HIGH

Description:

This signature will detect if there is a transfer encoding header in the HTTP/2.0 traffic.

Supported On:

HTTP:STC:HTTP-EVADER-FOO - HTTP: Evader Content-Encodingfoo Detected

Severity: MEDIUM

Description:

This signature will detect the attacks of the evasion tool HTTP-EVADER.

Supported On:

APP:HPE-INTEL-MAN-RMI-ID - APP: HPE Intelligent Management Center RMI Registry Insecure Deserialization

Severity: HIGH

Description:

An insecure deserialization vulnerability has been reported in HPE Intelligent Management Center. Successful exploitation results in arbitrary code execution under the context of the SYSTEM or root user.

Supported On:

References:

cve: CVE-2017-5792

HTTP:EMPTY-TRANSFER-ENCODING - HTTP: Empty Transfer Encoding

Severity: HIGH

Description:

This signature will detect id there is a transfer encoding header and there is no value to for that header.

Supported On:

HTTP:STC:IE:CVE-2017-0130-AV - HTTP: Microsoft Internet Explorer CVE-2017-0130 Access Violation

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to access violation.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2017-0130

SHELLCODE:PREPENDENCODER-HTTP-2 - SHELLCODE: Prepend Encoder Routine Detection Over HTTP (2)

Severity: HIGH

Description:

This signature detects improper or malformed HTTP server responses that are lacking a HTTP status code. Section 10 of RFC2616 defines the correct HTTP status codes. This may be an indication of tunneling, an IPS evasion attempt or other malicious activity and should be investigated.

Supported On:

srx-branch-12.1, isg-3.5.141652, vsrx-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vmx-11.4, vmx-16.1, vsrx-15.1, srx-12.1, j-series-9.5, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2008-1104

Affected Products:

foxitsoftware reader 2.2
foxitsoftware reader up to 2.3
foxitsoftware reader 2.0

SMB:TRANSACTION-RESPONSE-OF - SMB: Microsoft Windows SMB Client Transaction Response Buffer Overflow

Severity: CRITICAL

Description:

A remote code execution vulnerability exists in Microsoft Windows SMB Client. The vulnerability is due to improper validation of certain fields when handling SMB transaction responses. Remote unauthenticated attackers could exploit this vulnerability by enticing a user to connect to a malicious SMB server and sending a specially crafted SMB response to the target machine. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the operating system kernel. Code injection that does not result in execution could crash the target system, and result in a Denial of Service condition.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, mx-11.4, idp-4.2.110100823, idp-4.1.0, mx-16.1, vmx-11.4, vmx-16.1, idp-5.0.0, idp-4.2.0, isg-3.5.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, idp-4.0.110090831, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2010-0270
bugtraq: 39339

Affected Products:

Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for x64-based Systems
Nortel Networks ENSM - Enterprise NMS 10.4
Nortel Networks ENSM - Enterprise NMS 10.5
Microsoft Windows Server 2008 for x64-based Systems R2
Microsoft Windows Server 2008 for Itanium-based Systems R2
Nortel Networks CallPilot 600R
Nortel Networks Contact Center - TAPI Server
Nortel Networks Contact Center NCC
Nortel Networks ENSM IP Address Manager
Avaya Messaging Application Server
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 3.1
Avaya Meeting Exchange - Enterprise Edition
Nortel Networks Symposium Agent
Nortel Networks CallPilot 1005R
Nortel Networks Contact Center Administration CCMA 7.1
Nortel Networks Contact Center Manager Server 7.1
Nortel Networks Contact Center Express 7.1
Nortel Networks CallPilot 703T
Nortel Networks Contact Center Manager Server
Nortel Networks CallPilot 201I
Avaya Meeting Exchange - Client Registration Server
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Streaming Server
Avaya Meeting Exchange - Web Conferencing Server
Avaya Meeting Exchange - Webportal
Avaya Messaging Application Server MM 1.1
Nortel Networks Contact Center Administration
Avaya Messaging Application Server 4
Avaya Messaging Application Server 5
Nortel Networks CallPilot 202I
Nortel Networks Contact Center Express
Nortel Networks Contact Center Manager
Nortel Networks Contact Center Manager Server 6.0
Avaya Messaging Application Server MM 2.0
Nortel Networks Contact Center Administration CCMA 7.0
Nortel Networks Contact Center Administration CCMA 6.0
Nortel Networks CallPilot 1002Rp
Nortel Networks Contact Center Manager Server 7.0

HTTP:PHP:PHPMAILER-RCE - HTTP: PHPMailer Mail escapeshellarg Command Injection

Severity: HIGH

Description:

A command injection vulnerability has been reported in the PHPMailer library package. Successful exploitation results in arbitrary command execution on the target server with the privileges of the web service.

Supported On:

References:

bugtraq: 95130
cve: CVE-2016-10045

SMB:SAMBA:NMBD-BO - SMB: Samba nmbd Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Samba. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, mx-11.4, mx-16.1, vmx-11.4, vmx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, j-series-9.5, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603

References:

bugtraq: 69021
cve: CVE-2014-3560

Affected Products:

samba 4.1.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6
samba 4.0.1
samba 4.0.19
samba 4.1.5
canonical ubuntu_linux 14.04
samba 4.0.7
samba 4.0.18
samba 4.1.4
samba 4.0.4
samba 4.1.10
samba 4.1.8
samba 4.0.17
samba 4.1.9
samba 4.0.16
samba 4.0.15
samba 4.0.14
samba 4.0.20
samba 4.0.9
samba 4.0.13
samba 4.0.0
samba 4.1.6
samba 4.0.8
samba 4.1.3
samba 4.0.12
samba 4.1.2
samba 4.0.11
samba 4.0.6
samba 4.0.10
samba 4.0.5
samba 4.1.1
samba 4.0.3
samba 4.1.7
samba 4.0.2

SMB:EXPLOIT:SMB1-CHAINING-MC - SMB: Samba SMB1 Packets Chaining Memory Corruption

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known memory corruption vulnerability in Samba. It is due to improper validation when chaining SMB1 packets. Remote attackers can exploit this by sending a crafted SMB message to a target SMB server. A successful attack can result in remote code execution with root privileges.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, mx-11.4, idp-4.2.110100823, idp-4.1.0, mx-16.1, vmx-11.4, vmx-16.1, idp-5.0.0, idp-4.2.0, isg-3.5.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, idp-4.0.110090831, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2010-2063
bugtraq: 40884
url: http://www.samba.org/samba/security/CVE-2010-2063.html

Affected Products:

Apple Mac OS X 10.5.1
Apple Mac OS X Server 10.5
Apple Mac OS X Server 10.5.1
Avaya Voice Portal 4.1
Avaya Messaging Storage Server 5.1
Avaya Messaging Storage Server 1.0
Avaya Messaging Storage Server 2.0
Red Hat Enterprise Linux 5.4.Z Server
Debian Linux 5.0 Ia-32
Avaya Messaging Storage Server
Avaya Message Networking
Sun Solaris 10 Sparc
Red Hat Enterprise Linux Desktop 5 Client
Ubuntu Ubuntu Linux 6.06 LTS Powerpc
Ubuntu Ubuntu Linux 6.06 LTS I386
Ubuntu Ubuntu Linux 6.06 LTS Amd64
rPath rPath Linux 2
Debian Linux 5.0 Mips
Red Hat Enterprise Linux ES 3
Slackware Linux 10.2.0
Red Hat Enterprise Linux WS 3
Samba 3.0.23B
Xerox WorkCentre 5740
Xerox WorkCentre 5755
Xerox WorkCentre 5765
Xerox WorkCentre 5775
Samba 3.0.23A
Mandriva Linux Mandrake 2009.1
Mandriva Linux Mandrake 2009.1 X86 64
Ubuntu Ubuntu Linux 8.04 LTS Amd64
Ubuntu Ubuntu Linux 8.04 LTS I386
Apple Mac OS X 10.5.2
Apple Mac OS X Server 10.5.2
Ubuntu Ubuntu Linux 8.04 LTS Sparc
Red Hat Desktop 3.0.0
Samba 3.2.4
Samba 3.0.25C
Apple Mac OS X 10.5.4
Apple Mac OS X Server 10.5.4
SuSE Novell Linux POS 9
Avaya Messaging Storage Server 5.2
Apple Mac OS X Server 10.5.0
Apple Mac OS X 10.5
Samba 3.0.26A
Samba 3.0.9
Apple Mac OS X 10.6
Apple Mac OS X Server 10.6
Samba 3.0.25 Pre1
Samba 3.0.3
Samba 3.0.4
Samba 3.0.5
Samba 3.0.23C
Samba 3.0.11
Samba 3.0.12
Samba 3.0.13
HP HP-UX B.11.31
Samba 3.0.14A
Samba 3.0.20
Samba 3.0.20A
Slackware Linux 13.0
Samba 3.0.21
Samba 3.0.21A
Slackware Linux 10.1.0
Samba 3.0.21C
Samba 3.0.22
Samba 3.0.24
Samba 3.0.28A
Samba 3.0.29
Sun Solaris 9 Sparc
Avaya Voice Portal 5.0 SP2
Samba 3.0.30
SuSE Open-Enterprise-Server
Samba 3.0.25 Pre2
Samba 3.0.25 Rc3
Samba 3.0.20B
HP HP-UX B.11.23
Mandriva Corporate Server 4.0.0 X86 64
Avaya Voice Portal 4.1 SP1
Avaya Voice Portal 4.1 SP2
Avaya Voice Portal 5.1
Avaya Voice Portal 5.0
Mandriva Enterprise Server 5 X86 64
Apple Mac OS X 10.5.3
Samba 3.0.21B
Debian Linux 5.0 Ia-64
SuSE SUSE Linux Enterprise Desktop 11
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2008.0 X86 64
Apple Mac OS X 10.6.3
Apple Mac OS X Server 10.6.3
Apple Mac OS X 10.5.5
Apple Mac OS X Server 10.5.5
Apple Mac OS X 10.6.2
Apple Mac OS X Server 10.6.2
Red Hat Enterprise Linux AS 4.7.Z
Red Hat Enterprise Linux ES 4.7.Z
Apple Mac OS X 10.5.8
Samba 3.0.10
Apple Mac OS X Server 10.5.8
Samba 3.2.2
Samba 3.2.3
Samba 3.2.1
SuSE SUSE Linux Enterprise SDK 10 SP3
SuSE SUSE Linux Enterprise Desktop 10 SP3
SuSE SUSE Linux Enterprise Server 10 SP3
HP HP-UX B.11.23
Samba 3.2.0
SuSE SUSE Linux Enterprise Server 11
Samba 3.0.4 -R1
Avaya Messaging Storage Server 5.0
Samba 3.0.7
Samba 3.0.0 Alpha
Avaya Message Networking 5.2
Samba 3.0.25 Rc1
Debian Linux 5.0
Debian Linux 5.0 Alpha
Avaya Message Networking 3.1
Debian Linux 5.0 Arm
Debian Linux 5.0 Hppa
Slackware Linux 12.1
SuSE SUSE Linux Enterprise 11
Debian Linux 5.0 M68k
Red Hat Enterprise Linux AS 3
Sun Solaris 10 X86
Debian Linux 5.0 Powerpc
Debian Linux 5.0 S/390
Debian Linux 5.0 Sparc
Samba 3.0.0
Samba 3.0.1
Samba 3.0.2
Samba 3.0.2 A
Samba 3.0.8
SuSE openSUSE 11.0
Samba 3.0.25
Xerox WorkCentre 5790
Apple Mac OS X 10.5.0
Mandriva Enterprise Server 5
Mandriva Linux Mandrake 2009.0
Mandriva Linux Mandrake 2009.0 X86 64
Ubuntu Ubuntu Linux 9.04 I386
Ubuntu Ubuntu Linux 9.04 Lpia
Ubuntu Ubuntu Linux 9.04 Powerpc
Ubuntu Ubuntu Linux 9.04 Sparc
Mandriva Corporate Server 4.0
Apple Mac OS X 10.5.7
Apple Mac OS X Server 10.5.7
Red Hat Enterprise Linux 5 Server
Slackware Linux 12.0
Pardus Linux 2009
Ubuntu Ubuntu Linux 6.06 LTS Sparc
Ubuntu Ubuntu Linux 8.04 LTS Lpia
Ubuntu Ubuntu Linux 8.04 LTS Powerpc
Apple Mac OS X 10.6.1
Samba 3.2.5
Slackware Linux 13.0 X86 64
Samba 3.0.32
Samba 3.0.33
Samba 3.3.7
Samba 3.2.14
Samba 3.0.36
Samba 3.3.8
Samba 3.2.15
Samba 3.0.37
Samba 3.0.6
Gentoo Linux
Avaya Messaging Storage Server 4.0
SuSE SUSE Linux Enterprise 10 SP3
Debian Linux 5.0 Mipsel
Samba 3.0.14
Apple Mac OS X 10.5.6
Apple Mac OS X Server 10.5.6
Avaya Voice Portal 5.0 SP1
VMWare ESX Server 3.5
SuSE SUSE Linux Enterprise Software Development Kit 11
Samba 3.0.35
Samba 3.0.34
Samba 3.3.5
Samba 3.2.12
Samba 3.2.13
Samba 3.3.6
Avaya Messaging Storage Server MM3.0
SuSE SUSE Linux Enterprise Server 9
Sun Solaris 9 X86
Avaya Voice Portal 3.0
Samba 3.0.27A
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux WS 4
Red Hat Enterprise Linux Desktop Version 4
Samba 3.0.25A
Samba 3.0.25B
Avaya Voice Portal 4.0
Samba 3.0.26
Samba 3.3.11
Samba 3.3.12
Apple Mac OS X Server 10.5.3
HP HP-UX B.11.11
Avaya Message Networking MN 3.1
SuSE openSUSE 11.1
Sun OpenSolaris Build Snv 111B
Apple Mac OS X 10.6.4
Apple Mac OS X Server 10.6.4
HP CIFS-Server A.02.04.01
HP CIFS-Server A.02.03.05
Ubuntu Ubuntu Linux 9.04 Amd64
Debian Linux 5.0 Armel
Red Hat Enterprise Linux AS 4
Samba 3.0.28
Slackware Linux 12.2
Red Hat Enterprise Linux 5.3.Z Server
Samba 3.0.23D
Xerox WorkCentre 5765
Apple Mac OS X Server 10.6.1
rPath Appliance Platform Linux Service 2
Slackware Linux 10.0.0
HP HP-UX B.11.11
Slackware Linux 11.0
Avaya Messaging Storage Server 3.1
Samba 3.0.25 Rc2
Debian Linux 5.0 Amd64
Xerox WorkCentre 5735
Samba 3.3.10
Xerox WorkCentre 5745
Xerox WorkCentre 5740
Xerox WorkCentre 5755
Avaya Messaging Storage Server 3.1 SP1
Xerox WorkCentre 5775
Xerox WorkCentre 5790
Samba 3.0.27

SSL:HPE-NETWORK-AUTO-RED-SQLI - SSL: HPE Network Automation RedirectServlet SQL Injection

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in HPE Network Automation. Successful exploitation could result in the execution of arbitrary SQL statements on the affected system.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, idp-4.2.0, idp-5.0.0, vmx-16.1, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2017-5810

VOIP:ASTERISK-SCCP-DOS - VOIP: Digium Asterisk chan_skinny SCCP packet Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Digium Asterisk. Successful exploitation could cause the Asterisk server to terminate.

Supported On:

IMAP:OVERFLOW:IBM-DOMINO-OF - IMAP: IBM Domino IMAP Mailbox Name Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in IBM Domino IMAP Server. Successful exploitation will result in the execution of arbitrary code with SYSTEM privileges. An unsuccessful attack could result in a denial of service condition of the affected service.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, vmx-11.4, vmx-16.1, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2017-1274

SMB:MS-RAP-STACK-OV - SMB: Microsoft Remote Administration Protocol Stack Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Windows networking components. A successful attack can lead to stack based buffer overflow and arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, mx-11.4, mx-16.1, vmx-11.4, vmx-16.1, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2012-1853
bugtraq: 54940

Affected Products:

Microsoft Windows XP
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition SP2

HTTP:STC:EVADOR-TRANSFER-ENCD - HTTP: Evader transfer-encoding evasion attack detection

Severity: HIGH

Description:

This signature will detect the attacks of the Tranfer endoing tool HTTP EVADER evasion.