Sybari Antigen过滤规则绕过漏洞

Sybari Antigen过滤规则绕过漏洞

漏洞ID 1197818 漏洞类型 设计错误
发布时间 2005-09-21 更新时间 2005-10-20
图片[1]-Sybari Antigen过滤规则绕过漏洞-安全小百科CVE编号 CVE-2005-3027
图片[2]-Sybari Antigen过滤规则绕过漏洞-安全小百科CNNVD-ID CNNVD-200509-195
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://cxsecurity.com/issue/WLB-2005090013
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-195
|漏洞详情
SybariAntigen是一个多重扫描引擎解决方案,实现了在单一产品中集合了从探测到执行的八种不同的扫描引擎,针对当今的恶意代码攻击提供了更高级别的安全防护。SybariAntigen8.0SR2版没有正确过滤SMTP信息,使得远程攻击者得以绕过客户过滤规则,通过标题为”Antigen提交的附件”的信息发送任意文件类型的附件。
|漏洞EXP
======================================================================
- Sybari Antigen for SMTP / Exchange Rule / Attachment Pass through -
======================================================================
1) Affected Software

Sybari Antigen v8.0 SR2 for Exchange/SMTP

Other versions may also be affected.

======================================================================
2) Description of Vulnerability

A vulnerability has been discovered in Antigen for Exchange/SMTP, which
could potentially be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused by the way Antigen processes its rules in
handling SMTP messages. A message, containing the Subject line of: 
"Antigen forwarded attachment" can be exploited to cause Antigen to
ignore custom filters allowing unwanted file attachments into the email
system. This vulnerability does not disable or bypass virus scanning of
attachments.

Successful exploitation may allow an unwanted file type to be delivered
into a user's email inbox.

======================================================================
3) Solution

Update to the latest version via online update.
(Antigen v8.0 sr3 for Exchange/SMTP Version 8.00.1517 SR3).

======================================================================
4) Credits

Reported by Alan G. Monaghan, Gardner Publications, Inc. on Thursday,
September 01, 2005
|参考资料

来源:XF
名称:antigen-subject-bypass-security(22327)
链接:http://xforce.iss.net/xforce/xfdb/22327
来源:BID
名称:14875
链接:http://www.securityfocus.com/bid/14875
来源:SECUNIA
名称:16759
链接:http://secunia.com/advisories/16759/
来源:BUGTRAQ
名称:20050919Antigen8.0forExchange/SMTPRuleVulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112714679622107&w;=2
来源:SECTRACK
名称:1014934
链接:http://securitytracker.com/id?1014934
来源:SREASON
名称:15
链接:http://securityreason.com/securityalert/15

相关推荐: OpenBSD 3.3 – ‘Semget()’ Integer Overflow (1)

OpenBSD 3.3 – ‘Semget()’ Integer Overflow (1) 漏洞ID 1054107 漏洞类型 发布时间 2003-08-20 更新时间 2003-08-20 CVE编号 N/A CNNVD-ID N/A 漏洞平台 OpenBS…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享