Clearswift MAILsweeper hotfix

From: fwegwg dfbndebndebner (erwin_listsat_private)
Date: Fri Mar 28 2003 - 06:25:32 PST


    Dear mailinglist readers,
    
    On the 17th of March 2003 Clearswift released a hotfix (4.3.7) for
    MAILsweeper version 4.3. In the accompanying Readme file
    (http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.htm)
    three vulnerabilities are reported.  The first vulnerability is the MIME
    evasion vulnerability which was reported by Corsaire.
    
    The other two vulnerabilities are:
    1. MAILsweeper for SMTP Version 4.3.6 (SP1) ignored the classification
    configured for the On strip unsuccessful scenario outcome if a detected
    attachment could not be removed from the message. This was the case for
    all scenarios that have the ability to strip attachments. MAILsweeper
    for SMTP Version 4.3.7 now follows the specified classification in the
    event that the attachment cannot be removed successfully.
    
    As a result of these changes, the behavior of the Attachment Stripper
    scenario upon detecting certain format types that appear outside of an
    attachment has changed from Version 4.3.6 (SP1). For detailed
    information on the effect of these changes, see the Technotes under the
    (Support page) of the MIMEsweeper website.
    
    2. A fix to a memory leak in the MAILsweeper for SMTP Delivery service.
    
    I tried to find more information on the Internet for these two
    vulnerabilities, but I couldn't find any information. I contacted
    Clearswift for additional information, but several attempts failed,
    because they won't help companies or people without a Premium Support
    contract.
    
    I am wondering if these vulnerabilities are security related and could be
    exploited by a local or remote attacker. The reason I am looking for
    this information is that the company I am working for has its own
    vulnerability and alerting service for customers. We inform our
    customers when security vulnerabilities are discovered in the software
    products they use and how they can resolve this. The brief description
    in the ReadMe file doesn't give me enough information to judge if these
    vulnerabilities are security related.
    
    I hope somebody can provide me with additional information.
    
    Regards,
    
    Erwin
    
    
    



    This archive was generated by hypermail 2b30 : Fri Mar 28 2003 - 10:17:25 PST