CVE-2000-1129
CVSS5.0
发布时间 :2001-01-09 00:00:00
修订时间 :2008-09-05 16:22:43
NMCOES    

[原文]McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.


[CNNVD]Network Associates WebShield SMTP无效传出接受者字段DoS漏洞(CNNVD-200101-069)

        McAfee WebShield SMTP 4.5版本存在漏洞。远程攻击者借助畸形的接收者字段导致服务拒绝。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1129
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1129
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200101-069
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/1999
(VENDOR_ADVISORY)  BID  1999
http://archives.neohapsis.com/archives/bugtraq/2000-11/0324.html
(VENDOR_ADVISORY)  BUGTRAQ  20001123 McAfee WebShield SMTP vulnerabilities

- 漏洞信息

Network Associates WebShield SMTP无效传出接受者字段DoS漏洞
中危 其他
2001-01-09 00:00:00 2005-10-20 00:00:00
本地  
        McAfee WebShield SMTP 4.5版本存在漏洞。远程攻击者借助畸形的接收者字段导致服务拒绝。

- 公告与补丁

        Network Associates has released a hotfix (HF8) that will reject any messages that contain a "%" within the recipient field. Please contact your local Network Associates representative in order to obtain the hotfix.

- 漏洞信息 (20432)

Network Associates WebShield SMTP 4.5 Invalid Outgoing Recipient Field DoS Vulnerability (EDBID:20432)
windows local
2000-11-23 Verified
0 Jari Helenius
N/A [点击下载]
source: http://www.securityfocus.com/bid/1999/info

Network Associates WebShield SMTP is an email virus scanner designed for internet gateways.

In the event that WebShield SMTP receives an outgoing email containing six "%20" followed by any character within the recipient field, the application will crash, resulting in an access violation error upon processing of the email. Restarting WebShield SMTP is required in order to regain normal functionality. It has been unverified as to whether or not arbitrary code can be executed on the target system if specially crafted code is inserted into the buffer. 

recipient@f%20f%20f%20f%20f%20f%20f 		

- 漏洞信息

4741
McAfee WebShield Malformed Outgoing SMTP Recipient Remote DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

- 时间线

2000-11-23 Unknow
2000-11-23 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Network Associates WebShield SMTP Invalid Outgoing Recipient Field DoS Vulnerability
Failure to Handle Exceptional Conditions 1999
No Yes
2000-11-23 12:00:00 2009-07-11 03:56:00
Posted to Bugtraq on November 23, 2000 by Jari Helenius <jari.helenius@mawaron.com>.

- 受影响的程序版本

Network Associates WebShield SMTP 4.5
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0

- 漏洞讨论

Network Associates WebShield SMTP is an email virus scanner designed for internet gateways.

In the event that WebShield SMTP receives an outgoing email containing six "%20" followed by any character within the recipient field, the application will crash, resulting in an access violation error upon processing of the email. Restarting WebShield SMTP is required in order to regain normal functionality. It has been unverified as to whether or not arbitrary code can be executed on the target system if specially crafted code is inserted into the buffer.

- 漏洞利用

recipient@f%20f%20f%20f%20f%20f%20f

- 解决方案

Network Associates has released a hotfix (HF8) that will reject any messages that contain a "%" within the recipient field. Please contact your local Network Associates representative in order to obtain the hotfix.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站