CVE-2004-1312
CVSS 10.0
Published: 2005-01-03 00:00:00
Last revised: 2008-09-05 16:40:57

[Original] A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.


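[CNNVD] GFI MailEssentials/MailSecurity Microsoft HTML Library Denial of Service Vulnerability (CNNVD-200501-004)

        GFI MailEssentials for Exchange/SMTP provides spam protection and email management functions for email servers.
        A Microsoft HTML library used in third-party products contains a bug that may allow remote attackers to cause a denial of service via certain strings.
        The vulnerability was found in GFI MailEssentials for Exchange 9/10 and GFI MailSecurity for Exchange 8, where it causes emails to remain in the IIS or Exchange mail queues.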

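- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker needs neither internal network access nor local access]
Authentication: NONE [exploitation requires no authentication]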

- CPE (affected platforms and products)

cpe:/a:gfi:mailsecurity:8.0::exchange_smtp
cpe:/a:gfi:mailessentials:9.0::exchange_smtp
cpe:/a:gfi:mailessentials:10.1::exchange_smtp
cpe:/a:gfi:mailessentials:10.0::exchange_smtp

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1312
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1312
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-004
(official data source) CNNVD

- Other links and resources

http://kbase.gfi.com/showarticle.asp?id=KBID002249
(VENDOR_ADVISORY)  CONFIRM  http://kbase.gfi.com/showarticle.asp?id=KBID002249
http://www.securityfocus.com/bid/12148
(UNKNOWN)  BID  12148
http://www.csis.dk/default.asp?m=1&a=194
(VENDOR_ADVISORY)  MISC  http://www.csis.dk/default.asp?m=1&a=194
http://secunia.com/advisories/13708
(UNKNOWN)  SECUNIA  13708

- Vulnerability information

GFI MailEssentials/MailSecurity Microsoft HTML Library Denial of Service Vulnerability
Critical  Other
2005-01-03 00:00:00 2007-05-08 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch download link:
        http://www.gfi.com/mailsecurity/

- Vulnerability information (F35586)

CSIS2005-1.txt (PacketStormID:F35586)
2005-01-04 00:00:00
Peter Kruse  csis.dk
advisory,remote,denial of service
CVE-2004-1312

CSIS Security Advisory - A remote denial of service condition exists in GFI MailEssentials due to a bug in Microsoft HTML parser.

CSIS Security Advisory: [CSIS2005-1]

Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser

Date Published: 3rd of January 2005

Product description:
GFI MailEssentials for Exchange/SMTP offers spam protection and email
management at server level. GFI MailEssentials offers a fast set-up and a
high spam detection rate using Bayesian analysis and other methods - no
configuration required, very low false positives through its automatic
whitelist, and the ability to automatically adapt to your email environment
to constantly tune and improve spam detection. GFI MailEssentials also adds
email management tools to your mail server: disclaimers, mail archiving and
monitoring, Internet mail reporting, list server, server-based auto replies
and POP3 downloading.

Summary:
Specially crafted HTML emails could cause GFI MailSecurity and GFI
MailEssentials to stop processing, with emails getting stuck in the IIS
queue or Exchange pre-submission queues. There will be no error indications
other than MailQueue stops processing. Restarting the server or services
will not help. The flaw will occur when MailEssentials processes the
strings in an email subject, body or in an attached text file. Exploitation
is trivial.


Vulnerability Class:
This flaw affects all tested versions of GFI MailEssentials and will cause a
remote Denial of Service.
Not tested are other programs making use of Microsoft HTML parser.


Details:
CSIS has discovered a flaw in GFI MailEssentials 9 and 10.x and GFI
MailSecurity 8.x where a specially crafted HTML email causes the products to
stop processing, resulting in emails getting stuck in the IIS/Exchange
queues.

The problem lies in a Microsoft HTML library that is made use of by a GFI
library, common to GFI MailSecurity and GFI MailEssentials.

A malicious user can exploit this flaw and craft an e-mail containing a
specially crafted javascript. When the e-mail containing the javascript is
received by MailEssentials, it will be processed resulting in a DoS. The
mail will reside in the queues until it's manually removed. If the server is
rebooted without removing the affected mail from the queues, the same mail
gets processed again and again and a new DoS will occur. MailEssentials will
not process any other in- or outbound e-mails until this mail is completely
removed from the bad mail queue. This is an ugly scenario since you'll end up
looking for a needle in a haystack.

CSIS would like to underline that this flaw is really a result of a bug in
Microsoft HTML parser. As such, this problem is not directly related to GFI.
We suspect other products are vulnerable as well.

Impact:
Medium-High: This is a remote DoS. Leaving no trace, no warnings and no
indication of which e-mail is causing the problem.

Solution:
A fix has been released:

GFI MailEssentials 10.x -
ftp://ftp.gfi.com/patches/ME10_PATCH_20041220_01.zip
GFI MailEssentials 9 - ftp://ftp.gfi.com/patches/me9_PATCH_20041220_01.zip
GFI MailSecurity 8.x - ftp://ftp.gfi.com/patches/MSEC8_PATCH_20041220_01.zip

It's strongly recommended to apply these patches as soon as possible. Also
it would be wise to set up an alert mechanism monitoring number of mails in
queue. CSIS also recommends using the GFI monitor function to see if mails
get processed at regular intervals.

Affected Products:
GFI MailSecurity 8.x
GFI MailEssentials 9
GFI MailEssentials 10.x

Running on Microsoft Windows 2000 Server with all relevant patches
installed.

CSIS would like to thank GFI for a quick and professional response. It took
only 5 days for GFI to troubleshoot and fix this issue!

CVE:
The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CAN-2004-1312 to this issue. This is a candidate for inclusion in the CVE
list (http://cve.mitre.org), which standardizes names for security problems.

Links
For more information about the patches see GFI KB article:
http://kbase.gfi.com/showarticle.asp?id=KBID002249

This advisory can also be found at our website:
http://www.csis.dk/default.asp?m=1&a=194

---
Med venlig hilsen // Kind regards

Peter Kruse,                        Voice: (+45) 88136030
Security- and virusanalyst,         Cel    (+45) 28490532
CSIS ApS                            Fax    (+45) 28176030
http://www.csis.dk                  E-mail pkr@csis.dk

PGP fingerprint
79FD 0648 158E 6B9E 236F  CFDA 7C58 64D6 BE83 FA60

Combined Services & Integrated Solutions
Gevn    
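
The advisory's advice to alert on the number of queued mails and to check that mail keeps being processed can be combined into a stall detector. The Python below is an added example, not code from CSIS or GFI; the queue directory path, the sampling interval and the thresholds are assumptions, and treating the oldest queued file as the first item to inspect is a heuristic the advisory does not state.

```python
import os
import time
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Sample:
    taken_at: float
    count: int                  # files waiting in the queue directory
    oldest_name: Optional[str]  # file that has waited longest
    oldest_age: float           # seconds that file has been queued


def sample_queue(queue_dir: str, now: Optional[float] = None) -> Sample:
    """Take one snapshot of a mail spool directory (path is site-specific)."""
    now = time.time() if now is None else now
    files = [(e.stat().st_mtime, e.name)
             for e in os.scandir(queue_dir) if e.is_file()]
    if not files:
        return Sample(now, 0, None, 0.0)
    mtime, name = min(files)
    return Sample(now, len(files), name, max(0.0, now - mtime))


def is_stalled(samples: List[Sample], max_age: float = 900.0,
               window: int = 3) -> bool:
    """True when the same file heads the queue across `window` samples,
    the count never drops, and that file is older than `max_age` seconds.
    A busy but healthy queue does not match: its head changes and its
    count falls as mail is delivered."""
    recent = samples[-window:]
    if len(recent) < window or any(s.count == 0 for s in recent):
        return False
    same_head = len({s.oldest_name for s in recent}) == 1
    never_drains = all(b.count >= a.count
                       for a, b in zip(recent, recent[1:]))
    return same_head and never_drains and recent[-1].oldest_age > max_age


if __name__ == "__main__":
    QUEUE_DIR = r"C:\path\to\queue"   # placeholder, set per server
    history: List[Sample] = []
    while True:
        history = (history + [sample_queue(QUEUE_DIR)])[-10:]
        if is_stalled(history):
            s = history[-1]
            print(f"ALERT: queue stalled, {s.count} queued, "
                  f"oldest {s.oldest_name} ({s.oldest_age:.0f}s)")
        time.sleep(300)  # assumed 5-minute sampling interval
```

Because the advisory notes there is no error indication other than the queue stopping, the alert keys on lack of progress rather than on any log message.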

- Vulnerability information

12709
Microsoft HTML Parser Malformed Javascript DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Vendor Verified

- Vulnerability description

Microsoft's HTML parser library contains a flaw that may allow a remote denial of service. The issue is triggered when products which rely on the library process specially crafted HTML content, and will result in loss of availability for the service which makes use of the library. Details on the specific nature of the Microsoft HTML parser vulnerability are not available. GFI has provided some information as it relates to their MailSecurity and MailEssentials products.

- Timeline

2005-01-03 Unknown
Unknown Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue in the Microsoft HTML parser. Individual vendors have addressed the issue within their own products. GFI has provided patches for its vulnerable software.

- Related references

- Vulnerability author

- Vulnerability information

GFI MailEssentials and MailSecurity HTML Email Remote Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 12148
Yes No
2005-01-03 12:00:00 2009-07-12 09:26:00
Discovery is credited to CSIS.

- Affected software versions

GFI MailSecurity for Exchange/SMTP 8.0
GFI MailEssentials for Exchange/SMTP 10.1
GFI MailEssentials for Exchange/SMTP 10.0
GFI MailEssentials for Exchange/SMTP 9.0

- Vulnerability discussion

GFI MailEssentials and MailSecurity are prone to a remote denial of service vulnerability. This issue occurs when a specifically malformed HTML email message is processed. Rebooting the server or restarting the service will not resolve the issue.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

GFI has released fixes for this issue:


GFI MailEssentials for Exchange/SMTP 10.0

GFI MailEssentials for Exchange/SMTP 10.1

GFI MailSecurity for Exchange/SMTP 8.0

GFI MailEssentials for Exchange/SMTP 9.0

- Related references

 

 
