|
MAILsweeper for SMTP Filter Bypass and Denial of Service
|
|
Secunia Advisory:
|
SA8738
|
|
|
Release Date:
|
2003-05-07
|
|
Popularity:
|
5,748 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | CS MAILsweeper 4.x for SMTP
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
ClearSwift has issued a patch for MAILsweeper. This fixes two vulnerabilities, which potentially can be exploited to bypass certain filters or cause a DoS (Denial of Service).
1) Certain PowerPoint files can cause the Security service to enter an endless loop, which results in exhaustion of system resources.
2) Some attachments are not blocked if the attachment file name consists of multiple extensions combined with large blocks of white spaces.
Solution:
Apply MAILsweeper 4.3 for SMTP Hotfix (4.3.8):
http://www.clearswift.com/download/SQL/downloadList.asp?productID=306
Original Advisory:
http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
