CVE-2003-0121
CVSS 7.5
Published: 2003-03-18 00:00:00
Revised: 2016-10-17 22:29:45

[Original] Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients.


[CNNVD] Clearswift MailSweeper Malformed MIME Attachment Filter Bypass Vulnerability (CNNVD-200303-045)

        
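        MAILsweeper provides policy-based email content security filtering, which lets the system block attachments of specific content types.
        MAILsweeper does not correctly handle some malformed encapsulated attachments. A remote attacker can exploit this vulnerability to bypass the security check and have a malicious attachment delivered directly to the user.
        If a mail attachment submitted by an attacker does not contain the 'MIME-Version' field, MailSweeper cannot identify the attachment's type. That is, even if MailSweeper is configured to block that attachment type (for example, executable file types), it cannot evaluate the malformed attachment content, so the malicious mail bypasses the check and is delivered directly to the end user. Common applications can nevertheless process the incomplete, malformed attachment, and in combination with other vulnerabilities this can lead to the malicious attachment being executed.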
        

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:clearswift:mailsweeper:4.1
cpe:/a:clearswift:mailsweeper:4.0
cpe:/a:clearswift:mailsweeper:4.3
cpe:/a:clearswift:mailsweeper:4.2

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0121
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0121
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200303-045
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=104716030503607&w=2
(UNKNOWN)  BUGTRAQ  20030307 Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue
http://www.securityfocus.com/archive/1/316311
(UNKNOWN)  BUGTRAQ  20030326 RE: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue
http://www.securityfocus.com/bid/7044
(VENDOR_ADVISORY)  BID  7044

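- Vulnerability Information

Clearswift MailSweeper Malformed MIME Attachment Filter Bypass Vulnerability
High risk  Other
2003-03-18 00:00:00 2005-10-20 00:00:00
Remote
        
        MAILsweeper provides policy-based email content security filtering, which lets the system block attachments of specific content types.
        MAILsweeper does not correctly handle some malformed encapsulated attachments. A remote attacker can exploit this vulnerability to bypass the security check and have a malicious attachment delivered directly to the user.
        If a mail attachment submitted by an attacker does not contain the 'MIME-Version' field, MailSweeper cannot identify the attachment's type. That is, even if MailSweeper is configured to block that attachment type (for example, executable file types), it cannot evaluate the malformed attachment content, so the malicious mail bypasses the check and is delivered directly to the end user. Common applications can nevertheless process the incomplete, malformed attachment, and in combination with other vulnerabilities this can lead to the malicious attachment being executed.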
        

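- Advisories and Patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * Clearswift provides the following upgrade script tool, which can detect malformed MIME attachments:
        
        http://www.clearswift.com/support/threatlab/vbstool.asp

        Vendor patch:
        Clearswift
        ----------
        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
        
        http://www.clearswift.com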

- Vulnerability Information (22338)

Clearswift MailSweeper 4.x Malformed MIME Attachment Filter Bypass Vulnerability (EDBID:22338)
windows remote
2003-03-07 Verified
0 http-equiv
N/A [Click to download]
source: http://www.securityfocus.com/bid/7044/info

Clearswift MailSweeper does not properly process certain malformed MIME email message attachments. If the attachment does not contain a MIME-Version field, MailSweeper does not recognize the attachment as being an executable type. MailSweeper allows such attachments through, even if it is set to filter executable type file attachments from incoming email messages.

http://www.exploit-db.com/sploits/22338.zip		

- Vulnerability Information

8810
MAILsweeper Missing MIME-Version Scan Bypass

- Vulnerability Description

Unknown or Incomplete

- Timeline

2003-03-07 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Clearswift MailSweeper Malformed MIME Attachment Filter Bypass Vulnerability
Failure to Handle Exceptional Conditions 7044
Yes No
2003-03-07 12:00:00 2009-07-11 08:06:00
Discovery is credited to Martin O'Neal <bugtraq@corsaire.com>.

- Affected Program Versions

Clearswift MailSweeper 4.3.6 SP1
Clearswift MailSweeper 4.3
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP2
Clearswift MailSweeper 4.2
Clearswift MailSweeper 4.1
Clearswift MailSweeper 4.0
Clearswift MailSweeper 4.3.7

- Unaffected Program Versions

Clearswift MailSweeper 4.3.7

- Vulnerability Discussion

Clearswift MailSweeper does not properly process certain malformed MIME email message attachments. If the attachment does not contain a MIME-Version field, MailSweeper does not recognize the attachment as being an executable type. MailSweeper allows such attachments through, even if it is set to filter executable type file attachments from incoming email messages.
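
A gateway-side check for the condition described above: parse the message structure from its Content-Type headers whether or not MIME-Version is present, apply the attachment policy to what is found, and flag the missing header. This Python code is an added example, not part of the advisory or of Clearswift's tool; the blocked-extension list, the function name and the sample message are constructed assumptions.

```python
import email
from email import policy

# Assumed site policy: attachment extensions that must not be delivered.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".bat", ".com")
MIME_HEADERS = ("Content-Type", "Content-Transfer-Encoding", "Content-Disposition")

def inspect_message(raw: bytes) -> dict:
    """Classify a raw RFC 822 message without trusting MIME-Version."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts = list(msg.walk())

    # Does any part carry MIME headers, i.e. would a lenient client
    # treat this message as MIME even though it may not declare it?
    uses_mime = any(part[h] is not None for part in parts for h in MIME_HEADERS)
    missing_mime_version = uses_mime and msg["MIME-Version"] is None

    # Apply the attachment policy to every part, declared MIME or not.
    blocked = []
    for part in parts:
        name = part.get_filename()
        if name and name.lower().endswith(BLOCKED_EXTENSIONS):
            blocked.append(name)

    if blocked:
        verdict = "block"
    elif missing_mime_version:
        verdict = "review"   # MIME structure without MIME-Version is anomalous
    else:
        verdict = "pass"
    return {"missing_mime_version": missing_mime_version,
            "blocked": blocked, "verdict": verdict}

# Constructed sample: multipart message with no MIME-Version header.
SAMPLE = b"\r\n".join([
    b"From: sender@example.com", b"To: user@example.com",
    b"Subject: constructed sample",
    b'Content-Type: multipart/mixed; boundary="b1"', b"",
    b"--b1", b"Content-Type: text/plain", b"", b"hello",
    b"--b1", b'Content-Type: application/octet-stream; name="report.exe"',
    b"Content-Transfer-Encoding: base64",
    b'Content-Disposition: attachment; filename="report.exe"', b"",
    b"TVo=", b"--b1--", b"",
])

if __name__ == "__main__":
    print(inspect_message(SAMPLE))
```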

- Exploit

There is no exploit code required. Removing the MIME-Version from an encoded attachment will sufficiently bypass the filter.

The following proof of concept was provided by http-equiv@excite.com <http-equiv@malware.com>:

- Solution

The vendor has released a fix for this issue, which is available to registered users at the following location:
http://www.clearswift.com/download/SQL/downloadList.asp?productID=301

This issue has been addressed in MAILsweeper for SMTP Version 4.3.7, which is available to users with a support contract.

- Related References
