|
Antigen for Exchange and SMTP Rule Bypassing Vulnerability |
|
|
|
|
Wednesday, 21 September 2005 |
Summary
"Antigen for Microsoft Exchange delivers comprehensive server-level antivirus protection with a unique, powerful multiple scan engine management approach and advanced content-filtering capabilities".
By creating an email message with a specific subject, attackers can attach any file they wish, which under normal circumstances would be filtered by Antigen for Exchange and SMTP.
Credit:
The information has been provided by Alan Monaghan.
Details
Vulnerable Systems:
* Sybari Antigen version 8.0 SR2 for Exchange and SMTP
Immune Systems:
* Sybari Antigen version 8.00.1517 SR3 for Exchange and SMTP
A vulnerability has been discovered in Antigen for Exchange/SMTP, which could potentially be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by the way Antigen processes its rules in handling SMTP messages. A message, containing the Subject line of: "Antigen forwarded attachment" can be exploited to cause Antigen to ignore custom filters allowing unwanted file attachments into the email system. This vulnerability does not disable or bypass virus scanning of attachments.
Successful exploitation may allow an unwanted file type to be delivered into a users email inbox. |