CVE-2002-1121
CVSS7.5
发布时间 :2002-09-24 00:00:00
修订时间 :2016-10-17 22:23:51
NMCOS    

[原文]SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.


[CNNVD]多个供应商电子邮件消息分段SMTP过滤器绕过漏洞(CNNVD-200209-051)

        (1)Exchange/SMTP 7.2之前版本的GFI MailSecurity,(2) InterScan VirusWall 3.52 build 1494之前版本,(3)MIMEDefang 2.21之前版本的默认配置,和可能其他的产品的SMTP目录过滤器引擎不能检测到电子邮件的碎片,正如在RFC2046(“消息分段和重新装配”)中定义的和在如Outlook Express产品中支持的。远程攻击者借助message/partial目录类型的电子邮件碎片绕过目录过滤器包含病毒检查。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:trend_micro:interscan_viruswall:3.52
cpe:/a:network_associates:webshield_smtp:4.5
cpe:/a:network_associates:webshield_smtp:4.5.74.0
cpe:/a:roaring_penguin:canit:1.2
cpe:/a:roaring_penguin:mimedefang:2.14
cpe:/a:gfi:mailsecurity:7.2::exchange_smtp
cpe:/a:roaring_penguin:mimedefang:2.20
cpe:/a:trend_micro:interscan_viruswall:3.5
cpe:/a:network_associates:webshield_smtp:4.0.5
cpe:/a:network_associates:webshield_smtp:4.5.44
cpe:/a:trend_micro:interscan_viruswall:3.51

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1121
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1121
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200209-051
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html
(UNKNOWN)  BUGTRAQ  20020912 FW: Bypassing SMTP Content Protection with a Flick of a Button
http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html
(UNKNOWN)  BUGTRAQ  20020912 Roaring Penguin fixes for "Bypassing SMTP Content Protection with a Flick of a Button"
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html
(VENDOR_ADVISORY)  VULNWATCH  20020912 Bypassing SMTP Content Protection with a Flick of a Button
http://marc.info/?l=bugtraq&m=103184267105132&w=2
(UNKNOWN)  BUGTRAQ  20020912 Bypassing SMTP Content Protection with a Flick of a Button
http://marc.info/?l=bugtraq&m=103184501408453&w=2
(UNKNOWN)  BUGTRAQ  20020912 MIMEDefang update (was Re: Bypassing SMTP Content Protection )
http://www.iss.net/security_center/static/10088.php
(VENDOR_ADVISORY)  XF  smtp-content-filtering-bypass(10088)
http://www.kb.cert.org/vuls/id/836088
(UNKNOWN)  CERT-VN  VU#836088
http://www.securiteam.com/securitynews/5YP0A0K8CM.html
(UNKNOWN)  MISC  http://www.securiteam.com/securitynews/5YP0A0K8CM.html
http://www.securityfocus.com/bid/5696
(UNKNOWN)  BID  5696

- 漏洞信息

多个供应商电子邮件消息分段SMTP过滤器绕过漏洞
高危 设计错误
2002-09-24 00:00:00 2005-10-20 00:00:00
远程  
        (1)Exchange/SMTP 7.2之前版本的GFI MailSecurity,(2) InterScan VirusWall 3.52 build 1494之前版本,(3)MIMEDefang 2.21之前版本的默认配置,和可能其他的产品的SMTP目录过滤器引擎不能检测到电子邮件的碎片,正如在RFC2046(“消息分段和重新装配”)中定义的和在如Outlook Express产品中支持的。远程攻击者借助message/partial目录类型的电子邮件碎片绕过目录过滤器包含病毒检查。

- 公告与补丁

        GFI has updated MailSecurity for Exchange/SMTP version 7.2. Users should contact the vendor for updated software.
        Patches are available:
        Roaring Penguin Software MIMEDefang 2.14
        
        Roaring Penguin Software MIMEDefang 2.20
        
        Trend Micro InterScan VirusWall for Windows NT 3.52
        

- 漏洞信息

6188
Multiple Vendor Fragmented Email Virus Scan Bypass
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

Virus Scan software from multiple vendors contains a flaw that may allow a remote attacker to bypass SMTP content filters. The problem is that the antivirus gateways fail to reassemble and scan mail messages, if they are sent in the message/partial format. It is possible that the flaw may allow malicious files to bypass antivirus gateways, resulting in a loss of integrity.

- 时间线

2002-12-09 Unknow
2002-12-09 Unknow

- 解决方案

Consult your vendor for upgrades. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Multiple Vendor Email Message Fragmentation SMTP Filter Bypass Vulnerability
Design Error 5696
Yes No
2002-09-12 12:00:00 2009-07-11 05:06:00
Vulnerability reported by Aviram Jenik <aviram@beyondsecurity.com>.

- 受影响的程序版本

Trend Micro InterScan VirusWall for Windows NT 3.52
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
Trend Micro InterScan VirusWall for Windows NT 3.51
- Microsoft Windows NT 3.5.1 SP5
- Microsoft Windows NT 3.5.1 SP4
- Microsoft Windows NT 3.5.1 SP3
- Microsoft Windows NT 3.5.1 SP2
- Microsoft Windows NT 3.5.1 SP1
- Microsoft Windows NT 3.5.1
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5
Trend Micro InterScan VirusWall for Windows NT 3.5
- Microsoft Windows NT 3.5.1 SP5
- Microsoft Windows NT 3.5.1 SP4
- Microsoft Windows NT 3.5.1 SP3
- Microsoft Windows NT 3.5.1 SP2
- Microsoft Windows NT 3.5.1 SP1
- Microsoft Windows NT 3.5
Roaring Penguin Software MIMEDefang 2.21
Roaring Penguin Software MIMEDefang 2.20
Roaring Penguin Software MIMEDefang 2.14
Roaring Penguin Software CanIt 1.2
Network Associates WebShield SMTP 4.5.74 .0
- Microsoft Windows NT 4.0
Network Associates WebShield SMTP 4.5.44
- Microsoft Windows NT 4.0
Network Associates WebShield SMTP 4.5
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
Network Associates WebShield SMTP 4.0.5
- Microsoft Windows NT 4.0
GFI MailSecurity for Exchange/SMTP 7.2
Roaring Penguin Software MIMEDefang 2.21
Roaring Penguin Software CanIt 1.2 -F17
Network Associates WebShield e500
Network Associates WebShield e250
Finjan Software SurfinGate 6.0 1
Finjan Software SurfinGate 6.0
Finjan Software SurfinGate 4.0
Check Point Software Next Generation FP2
Check Point Software Firewall-1 4.1 SP5

- 不受影响的程序版本

Roaring Penguin Software MIMEDefang 2.21
Roaring Penguin Software CanIt 1.2 -F17
Network Associates WebShield e500
Network Associates WebShield e250
Finjan Software SurfinGate 6.0 1
Finjan Software SurfinGate 6.0
Finjan Software SurfinGate 4.0
Check Point Software Next Generation FP2
Check Point Software Firewall-1 4.1 SP5

- 漏洞讨论

If a single email message is sent in seperate fragments, it could be possible to bypass SMTP content filters. This vulnerability occurs if the SMTP filter does not reassemble the email fragments itself.

SMTP filters that reassemble fragmented email will not be vulnerable to this issue.

- 漏洞利用

There is no exploit code necessary for this vulnerability. Exploitation simply requires an email client capable of sending a single message as fragments.

- 解决方案

GFI has updated MailSecurity for Exchange/SMTP version 7.2. Users should contact the vendor for updated software.

Patches are available:


Roaring Penguin Software MIMEDefang 2.14

Roaring Penguin Software MIMEDefang 2.20

Trend Micro InterScan VirusWall for Windows NT 3.52

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站