https://live.paloaltonetworks.com/t5/general-topics/lot-of-smtp-long-mail-anomaly-vulnerability-critical-warnings/m-p/22239#M16204 <HTML><HEAD></HEAD><BODY><P>Hello RIF,</P><P></P><P>This is triggered when an argument to a MAIL command to an SMTP server is overly long (304 bytes). This triggers a buffer overflow leading to a DOS and/or possible remote code execution.&nbsp; Could you please let me know which Application and threat version is currently installed on your PAN firewall...?</P><P></P><P>Thanks</P></BODY></HTML> Fri, 30 May 2014 15:50:00 GMT HULK 2014-05-30T15:50:00Z https://live.paloaltonetworks.com/t5/general-topics/lot-of-smtp-long-mail-anomaly-vulnerability-critical-warnings/m-p/22238#M16203 <HTML><HEAD></HEAD><BODY><P>Sometimes&nbsp; we get a lot of 'SMTP Long MAIL anomaly Vulnerability' critical e-mail warnings from the PaloAlto PA-500.</P><P>PA-500 is filling up our mailbox with this warnings until we block the IP-range.</P><P></P><P>Does anyone has a suggestion how to moderate this warning.</P><P><IMG alt="Capture.JPG" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/13719_Capture.JPG" style="width: 620px; height: 592px;" /></P></BODY></HTML> Fri, 30 May 2014 13:53:16 GMT https://live.paloaltonetworks.com/t5/general-topics/lot-of-smtp-long-mail-anomaly-vulnerability-critical-warnings/m-p/22238#M16203 RIF 2014-05-30T13:53:16Z https://live.paloaltonetworks.com/t5/general-topics/lot-of-smtp-long-mail-anomaly-vulnerability-critical-warnings/m-p/22239#M16204 <HTML><HEAD></HEAD><BODY><P>Hello RIF,</P><P></P><P>This is triggered when an argument to a MAIL command to an SMTP server is overly long (304 bytes). This triggers a buffer overflow leading to a DOS and/or possible remote code execution.&nbsp; Could you please let me know which Application and threat version is currently installed on your PAN firewall...?</P><P></P><P>Thanks</P></BODY></HTML> Fri, 30 May 2014 15:50:00 GMT https://live.paloaltonetworks.com/t5/general-topics/lot-of-smtp-long-mail-anomaly-vulnerability-critical-warnings/m-p/22239#M16204 HULK 2014-05-30T15:50:00Z https://live.paloaltonetworks.com/t5/general-topics/lot-of-smtp-long-mail-anomaly-vulnerability-critical-warnings/m-p/22240#M16205 <HTML><HEAD></HEAD><BODY><P>Thanx HULK. </P><P>The kind of thread is clear but the problem is that the PA-500 sends us a mail alert for every trigger.</P><P>The attacker is sending us every couple of minutes a 'wrong' mail command from a different IP-Address in the same IP- rangs.</P><P>Is it possible to create some kind of threshold?</P><P><IMG alt="Capture.JPG" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/13725_Capture.JPG" style="width: 620px; height: 87px;" /></P></BODY></HTML> Mon, 02 Jun 2014 06:43:43 GMT https://live.paloaltonetworks.com/t5/general-topics/lot-of-smtp-long-mail-anomaly-vulnerability-critical-warnings/m-p/22240#M16205 RIF 2014-06-02T06:43:43Z