https://live.paloaltonetworks.com/t5/general-topics/smtp-long-mail-anomaly-vulnerability-30392/m-p/2331#M1722 <HTML><HEAD></HEAD><BODY><P><A href="https://live.paloaltonetworks.com/thread/10696">Lot of 'SMTP Long MAIL anomaly Vulnerability' critical warnings</A></P><P></P><P>It generates a lot of warnings.</P><P>So we made an exeption like this.</P><P>It blocks traffic for 1 hour for the connecting ip address.</P><P><IMG __jive_id="15147" alt="Capture.JPG" class="image-1 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/15147_Capture.JPG" style="width: 620px; height: 281px;" /></P></BODY></HTML> Wed, 27 Aug 2014 09:12:54 GMT RIF 2014-08-27T09:12:54Z https://live.paloaltonetworks.com/t5/general-topics/smtp-long-mail-anomaly-vulnerability-30392/m-p/2327#M1718 <HTML><HEAD></HEAD><BODY><P>The description says "This signature detects an anomaly in SMTP protocol. It would trigger when anoverlong mail command argument is passed to MAIL command."</P><P></P><P>Can anyone elaborate on this definition or know where I can access more detailed information about this threat ID?</P><P></P><P>Thanks !!!!!</P></BODY></HTML> Mon, 25 Aug 2014 18:39:11 GMT https://live.paloaltonetworks.com/t5/general-topics/smtp-long-mail-anomaly-vulnerability-30392/m-p/2327#M1718 craigmueller 2014-08-25T18:39:11Z https://live.paloaltonetworks.com/t5/general-topics/smtp-long-mail-anomaly-vulnerability-30392/m-p/2328#M1719 <HTML><HEAD></HEAD><BODY><P>Hello Craigmueller,</P><P></P><P>This is triggered when an argument to a MAIL command to an SMTP server is overly long (304 bytes). This triggers a buffer overflow leading to a DOS and/or possible remote code execution</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Mon, 25 Aug 2014 19:47:35 GMT https://live.paloaltonetworks.com/t5/general-topics/smtp-long-mail-anomaly-vulnerability-30392/m-p/2328#M1719 hshah 2014-08-25T19:47:35Z https://live.paloaltonetworks.com/t5/general-topics/smtp-long-mail-anomaly-vulnerability-30392/m-p/2329#M1720 <HTML><HEAD></HEAD><BODY><P>Hi <A href="https://live.paloaltonetworks.com/u1/28351">craigmueller</A></P><P></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px;"><SPAN>This is triggered when an argument to a MAIL command to an SMTP server is overly long (304 bytes). This triggers a buffer overflow leading to a DOS and/or possible remote code execution. Bugtraq reference: </SPAN><A class="jive-link-external-small" href="http://www.securityfocus.com/bid/10290" rel="nofollow">http://www.securityfocus.com/bid/10290</A></SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px;"><BR /></SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px;">Hope it helps !<BR /></SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px;"><BR /></SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px;">Thanks<BR /></SPAN></P></BODY></HTML> Mon, 25 Aug 2014 19:53:28 GMT https://live.paloaltonetworks.com/t5/general-topics/smtp-long-mail-anomaly-vulnerability-30392/m-p/2329#M1720 bat 2014-08-25T19:53:28Z https://live.paloaltonetworks.com/t5/general-topics/smtp-long-mail-anomaly-vulnerability-30392/m-p/2330#M1721 <HTML><HEAD></HEAD><BODY><P>Thanks for the information.</P><P>I relayed this to my customer and haven't heard back. Hopefully it answered their questions.</P></BODY></HTML> Tue, 26 Aug 2014 17:27:03 GMT https://live.paloaltonetworks.com/t5/general-topics/smtp-long-mail-anomaly-vulnerability-30392/m-p/2330#M1721 craigmueller 2014-08-26T17:27:03Z https://live.paloaltonetworks.com/t5/general-topics/smtp-long-mail-anomaly-vulnerability-30392/m-p/2331#M1722 <HTML><HEAD></HEAD><BODY><P><A href="https://live.paloaltonetworks.com/thread/10696">Lot of 'SMTP Long MAIL anomaly Vulnerability' critical warnings</A></P><P></P><P>It generates a lot of warnings.</P><P>So we made an exeption like this.</P><P>It blocks traffic for 1 hour for the connecting ip address.</P><P><IMG __jive_id="15147" alt="Capture.JPG" class="image-1 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/15147_Capture.JPG" style="width: 620px; height: 281px;" /></P></BODY></HTML> Wed, 27 Aug 2014 09:12:54 GMT https://live.paloaltonetworks.com/t5/general-topics/smtp-long-mail-anomaly-vulnerability-30392/m-p/2331#M1722 RIF 2014-08-27T09:12:54Z