McAfee Spamkiller Spam Filter Bypass

2004-07-16T03:57:05
ID OSVDB:7959
Type osvdb
Reporter Greg(chows@ozemail.com.au)
Modified 2004-07-16T03:57:05

Description

Vulnerability Description

McAfee SpamKiller contains a flaw that may allow a malicious user to avoid the spam filter. The issue is triggered due to a valid FRIENDS name entry being matched regardless of the corresponding FRIENDS email address of an incoming e-mail. This may allow mail to pass the filter regardless of the intended configuration or filtering. The impact of this flaw is of concern, but may not directly affect security of every installation.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

McAfee SpamKiller contains a flaw that may allow a malicious user to avoid the spam filter. The issue is triggered due to a valid FRIENDS name entry being matched regardless of the corresponding FRIENDS email address of an incoming e-mail. This may allow mail to pass the filter regardless of the intended configuration or filtering. The impact of this flaw is of concern, but may not directly affect security of every installation.

References:

Vendor URL: http://www.mcafee.com/us/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0684.html