|
|
|
|
| |
| WebShield SMTP is a firewall-independent scanner that can easily plugs into virtually any existing network framework. WebShield achieves this integration by implementing a gateway virus scanner that acts like your existing SMTP gateway. Two security vulnerabilities in the product have been discovered; one allows bypassing of the content filtering mechanism, and the other enables remote attackers to crash the remote server. |
| |
Credit:
The information has been provided by Jari Helenius.
|
| |
Vulnerable systems:
WebShield SMTP 4.5 Content filter
Content filtering bypass:
If an attacker sends a message containing a special character (non alphanumeric), such as ?, ?, or EUR, the content filtering mechanism may not be able to interpret it correctly, thus allowing it to traverse the filtering mechanism.
Crash:
By sending such an email with a recipient of, test@%20k%20k%20k%20k%20k%20k
A remote attacker can crash the server.
Workaround (Percent sign vulnerability):
(If you have installed hot fix 4, the newest is hot fix 8)
The following allows blocking of recipients with the '%' sign in the email address.
Key and its usage:
\\HKLM\Software\Network Associates\TVD\WebShield SMTP\MailScan\BlockPercent
To enable blocking set this to 1
To disable blocking set this to 0
|
|
|
|
|
|
|
|
|
|
