[40374] in bugtraq
Antigen 8.0 for Exchange/SMTP Rule Vulnerability
daemon@ATHENA.MIT.EDU (Alan Monaghan)
Mon Sep 19 12:22:22 2005
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Date: Mon, 19 Sep 2005 11:54:05 -0400
Message-ID: <DA5295D75E25C74E8BECF52D606C02B264A8@clavin.GarPub.com>
From: "Alan Monaghan" <AlanM@Gardnerweb.com>
To: <bugtraq@securityfocus.com>
Content-Transfer-Encoding: 8bit
======================================================================
- Sybari Antigen for SMTP / Exchange Rule / Attachment Pass through -
======================================================================
1) Affected Software
Sybari Antigen v8.0 SR2 for Exchange/SMTP
Other versions may also be affected.
======================================================================
2) Description of Vulnerability
A vulnerability has been discovered in Antigen for Exchange/SMTP, which
could potentially be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is caused by the way Antigen processes its rules in
handling SMTP messages. A message, containing the Subject line of:
"Antigen forwarded attachment" can be exploited to cause Antigen to
ignore custom filters allowing unwanted file attachments into the email
system. This vulnerability does not disable or bypass virus scanning of
attachments.
Successful exploitation may allow an unwanted file type to be delivered
into a user's email inbox.
======================================================================
3) Solution
Update to the latest version via online update.
(Antigen v8.0 sr3 for Exchange/SMTP Version 8.00.1517 SR3).
======================================================================
4) Credits
Reported by Alan G. Monaghan, Gardner Publications, Inc. on Thursday,
September 01, 2005
