多个供应商电子邮件消息分段SMTP过滤器绕过漏洞

漏洞信息详情

多个供应商电子邮件消息分段SMTP过滤器绕过漏洞

• CNNVD编号：CNNVD-200209-051
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-1121
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2002-09-24
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  roaring_penguin
• 漏洞来源：
  Vulnerability repo…

(1)Exchange/SMTP 7.2之前版本的GFI MailSecurity，(2) InterScan VirusWall 3.52 build 1494之前版本，(3)MIMEDefang 2.21之前版本的默认配置，和可能其他的产品的SMTP目录过滤器引擎不能检测到电子邮件的碎片，正如在RFC2046（“消息分段和重新装配”）中定义的和在如Outlook Express产品中支持的。远程攻击者借助message/partial目录类型的电子邮件碎片绕过目录过滤器包含病毒检查。

GFI has updated MailSecurity for Exchange/SMTP version 7.2. Users should contact the vendor for updated software.
Patches are available:
Roaring Penguin Software MIMEDefang 2.14

• Roaring Penguin Software MIME-tools-5.411a-RP-Patched.tar.gz
  
  http://www.roaringpenguin.com/mimedefang/MIME-tools-5.411a-RP-Patched.
  tar.gz

Roaring Penguin Software MIMEDefang 2.20

• Roaring Penguin Software MIME-tools-5.411a-RP-Patched.tar.gz
  
  http://www.roaringpenguin.com/mimedefang/MIME-tools-5.411a-RP-Patched.
  tar.gz

Trend Micro InterScan VirusWall for Windows NT 3.52

• Trend Micro Hotfix_build1494_v352_Smtp_case6593.zip
  ftp://ftp-download.trendmicro.com.ph/Gateway/ISNT/3.52/Hotfix_build149
  4_v352_Smtp_case6593.zip

来源:US-CERT Vulnerability Note: VU#836088
名称: VU#836088
链接:http://www.kb.cert.org/vuls/id/836088

来源: BUGTRAQ
名称: 20020912 MIMEDefang update (was Re: Bypassing SMTP Content Protection )
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103184501408453&w=2

来源: BID
名称: 5696
链接:http://www.securityfocus.com/bid/5696

来源: www.securiteam.com
链接:http://www.securiteam.com/securitynews/5YP0A0K8CM.html

来源: XF
名称: smtp-content-filtering-bypass(10088)
链接:http://www.iss.net/security_center/static/10088.php

来源: VULNWATCH
名称: 20020912 Bypassing SMTP Content Protection with a Flick of a Button
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html

来源: BUGTRAQ
名称: 20020912 FW: Bypassing SMTP Content Protection with a Flick of a Button
链接:http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html

来源: BUGTRAQ
名称: 20020912 Bypassing SMTP Content Protection with a Flick of a Button
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103184267105132&w=2

来源: BUGTRAQ
名称: 20020912 Roaring Penguin fixes for “Bypassing SMTP Content Protection with a Flick of a Button”
链接:http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html