MAILsweeper for SMTP Attachment Blocking Bypass

2004-08-13T05:53:55
ID OSVDB:8844
Type osvdb
Reporter Martin O'Neal(martin.oneal@corsaire.com)
Modified 2004-08-13T05:53:55

Description

Vulnerability Description

Clearswift MAILsweeper contains a flaw that may allow a malicious user to bypass SMTP attachment blocking. The issue is triggered when MAILsweeper does not properly filter and/or block certain types of compression formats. It is possible that the flaw may allow an attacker to bypass remote SMTP attachment blocking.

Solution Description

Upgrade to version 4.3_15 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Clearswift MAILsweeper contains a flaw that may allow a malicious user to bypass SMTP attachment blocking. The issue is triggered when MAILsweeper does not properly filter and/or block certain types of compression formats. It is possible that the flaw may allow an attacker to bypass remote SMTP attachment blocking.

References:

Security Tracker: 010953 Security Tracker: 1010953 Secunia Advisory ID:12301 Other Advisory URL: http://www.corsaire.com/advisories/c030807-001.txt Generic Informational URL: http://www.clearswift.com CVE-2003-0929 CVE-2003-0930 CVE-2003-0928