Network Associates WebShield SMTP畸形Mime头漏洞-一一网

Network Associates WebShield SMTP畸形Mime头漏洞

4年前更新

2030

漏洞信息详情

Network Associates WebShield SMTP畸形Mime头漏洞

CNNVD编号：CNNVD-200112-245

危害等级：高危
CVE编号：
CVE-2001-1542
漏洞类型：

输入验证
发布时间：

2001-12-31
威胁类型：

远程
更新时间：

2006-01-27
厂商：

network_associates
漏洞来源：
Discovered by Jari…

漏洞简介

NAI WebShield SMTP 4.5和4.5 MR1a（可能）版本不能过滤不正确MIME编码邮件附件。远程攻击者可以利用该漏洞绕过过滤并可能执行邮件客户端的任意代码，处理无效附件。

漏洞公告

Jari Helenius has suggested augmenting any content filtering rules based on file extension with a rule based on finding suspect encodings such as ‘audio/x-wav’ in the body of the message. This encoding has been used by several recent email worms, including W32/Nimda.A
@mawaron.com>

参考网址

来源: BID
名称: 3601
链接:http://www.securityfocus.com/bid/3601

来源: XF
名称: webshield-smtp-mime-attachments(7637)
链接:http://www.iss.net/security_center/static/7637.php

来源: BUGTRAQ
名称: 20011130 Re: NAI Webshield SMTP for WinNT MIME header vuln that allows BadTrans to pass]
链接:http://archives.neohapsis.com/archives/bugtraq/2001-11/0294.html

受影响实体

Network_associates Webshield_smtp:4.5_mr1a
Network_associates Webshield_smtp:4.5
Network_associates Webshield_smtp:4.5_mr1a
Network_associates Webshield_smtp:4.5

© 版权声明

文章版权归作者所有，未经允许请勿转载。

THE END

喜欢就支持一下吧

相关推荐