IDS mailing list archives
RE: ISS Proventia email overflow
From: "Mike Theriault" <Mike_Theriault () Jabil com>
Date: Tue, 20 Nov 2007 10:44:05 -0500
I have seen this event before in cases where SMTP mail was being sent from an application server to a relay. Generally speaking I ignore these unless there were a high number of instances of those events. Mike Theriault Security Engineer -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Albert R. Campa Sent: Monday, November 19, 2007 5:28 PM To: focus-ids () securityfocus com Subject: ISS Proventia email overflow Hi guys, I am getting spurts of events trigerred by ISS Proventia, with the following vuln description: Vulnerability description In buffer overflow attacks, an attacker supplies data that is longer than the available space to hold it. For stack allocated variables, this usually means the attacker can corrupt other variables and eventually modify the code that is executed when the function in which the overflow occurs ends. http://www.iss.net/security_center/reference/vuln/EMail_Generic_Intel_Ov erflow.htm They are from a trusted mail server so its not being blocked. Do you think this is just a true false positive or is this trusted mail server sending bad packets? ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig n=intro_sfw to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- ISS Proventia email overflow Albert R. Campa (Nov 20)
- Re: ISS Proventia email overflow David Maynor (Nov 20)
- Re: ISS Proventia email overflow Albert R. Campa (Nov 20)
- Re: ISS Proventia email overflow David Maynor (Nov 20)
- Re: ISS Proventia email overflow Albert R. Campa (Nov 20)
- Re: ISS Proventia email overflow Albert R. Campa (Nov 20)
- Re: ISS Proventia email overflow David Maynor (Nov 20)
- RE: ISS Proventia email overflow Mike Theriault (Nov 20)