Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2002-1121
Last Modified 10 Sep 2008 08:03:00
Published 24 Sep 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1121

Summary

SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC 2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.

Vulnerable Systems

Application

  • Gfi Mailsecurity 7.2

  • Network Associates Webshield Smtp 4.0.5

  • Network Associates Webshield Smtp 4.5

  • Network Associates Webshield Smtp 4.5.44

  • Network Associates Webshield Smtp 4.5.74.0

  • Roaring Penguin Canit 1.2

  • Roaring Penguin Mimedefang 2.14

  • Roaring Penguin Mimedefang 2.20

  • Trend Micro Interscan Viruswall 3.5

  • Trend Micro Interscan Viruswall 3.51

  • Trend Micro Interscan Viruswall 3.52


References

CERT-VN - VU#836088

BUGTRAQ - 20020912 MIMEDefang update (was Re: Bypassing SMTP Content Protection )

BID - 5696

MISC - http://www.securiteam.com/securitynews/5YP0A0K8CM.html

XF - smtp-content-filtering-bypass(10088)

VULNWATCH - 20020912 Bypassing SMTP Content Protection with a Flick of a Button

BUGTRAQ - 20020912 FW: Bypassing SMTP Content Protection with a Flick of a Button

BUGTRAQ - 20020912 Roaring Penguin fixes for "Bypassing SMTP Content Protection with a Flick of a Button"


Last Updated: 27 May 2016 10:37:12