Search This Blog

Tuesday, September 20, 2005

[NT] Antigen for Exchange and SMTP Rule Bypassing Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Antigen for Exchange and SMTP Rule Bypassing Vulnerability
------------------------------------------------------------------------

SUMMARY

" <http://www.sybari.com/> Antigen for Microsoft Exchange delivers
comprehensive server-level antivirus protection with a unique, powerful
multiple scan engine management approach and advanced content-filtering
capabilities".

By creating an email message with a specific subject, attackers can attach
any file they wish, which under normal circumstances would be filtered by
Antigen for Exchange and SMTP.

DETAILS

Vulnerable Systems:
* Sybari Antigen version 8.0 SR2 for Exchange and SMTP

Immune Systems:
* Sybari Antigen version 8.00.1517 SR3 for Exchange and SMTP

A vulnerability has been discovered in Antigen for Exchange/SMTP, which
could potentially be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused by the way Antigen processes its rules in
handling SMTP messages. A message, containing the Subject line of:
"Antigen forwarded attachment" can be exploited to cause Antigen to ignore
custom filters allowing unwanted file attachments into the email system.
This vulnerability does not disable or bypass virus scanning of
attachments.

Successful exploitation may allow an unwanted file type to be delivered
into a user's email inbox.

ADDITIONAL INFORMATION

The information has been provided by <mailto:AlanM@gardnerweb.com> Alan
Monaghan.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)