OSVDB ID: 6188

Title: Multiple Vendor Fragmented Email Virus Scan Bypass

Info

Disclosure
Dec 09, 2002

Discovery
Unknown

Dates

Exploit
Dec 09, 2002

Solution
Unknown

Description

 Virus Scan software from multiple vendors contains a flaw that may allow a remote attacker to bypass SMTP content filters. The problem is that the antivirus gateways fail to reassemble and scan mail messages, if they are sent in the message/partial format. It is possible that the flaw may allow malicious files to bypass antivirus gateways, resulting in a loss of integrity.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

 Consult your vendor for upgrades. An upgrade is required as there are no known workarounds.

Products

GFI Software

MailSecurity for Exchange/SMTP

 7.2

Network Associates, Inc.

WebShield SMTP

 4.0.5
4.5
4.5.44
4.5.74.0

Roaring Penguin Software, Inc.

CanIt

 1.2

MIMEDefang

 2.14
2.20

Trend Micro, Inc.

InterScan VirusWall

 3.5
3.51
3.52

References

Credit
  • Aviram Jenik - aviramsecuriteam.com - Beyond-Security


Direct URL: http://osvdb.org/6188