[Full-Disclosure] Antigen Path Disclosure

From: morning_wood (se_cur_ityat_private)
Date: Fri May 30 2003 - 18:35:35 PDT


    ------------------------------------------------------------------
    - EXPL-A-2003-001 exploitlabs.com Advisory 001
    ------------------------------------------------------------------
    
         -=- Antigen 7.0 Path Disclosure -=-
    
    
    Product:
    --------
    
    Antigen for Exchange
    
    Sybari Software
    516-630-8500
    Web: http://www.sybari.com
    Price: $4995 (to protect 250 users)
    System Requirements:
    Windows NT / XP / 2000
    Microsoft Exchange Server 5.
    
    
    Product Info:
    -------------
     Antigen for Exchange is an email anti-viral agent.
    
    Antigen for Exchange
    http://www.sybari.com/products/antigen_exchange.asp
    
    
    
    Affected Versions:
    ------------------
    
    All to current 7.0 SP1
    
    Issue:
    ------
    
     Upon discovery of a suspected email virus or attachment,
    Antigen sends a return email to the original sender's email.
    The body of the message contains the installed path of the
    Antigen Product. Further, it appears that Antigen discards mails
    not genuinely infected, but searches only "keywords", physically
    deleting many non-viral messages and attachments.
    
    
    Samples:
    --------
    1) from return of a NON infected mail on Full Disclosure...
    
    Antigen for Exchange found Unknown infected with VIRUS= JS/Kak@ (Norman)
    worm.
    The message is currently Purged.  The message, "[Full-Disclosure] MSN search
    spoof", was
    sent from morning_wood  and was discovered in SMTP Messages\Inbound
    located at Wharton School/Student Mail/COURIER1.
    
    2) from a google search of "Antigen for Exchange found" ...
    
    Antigen for Exchange found Unknown infected with VIRUS=
    HTML.MimeExploit.Klez
    (CA(Vet),Kaspersky) worm.
    The message is currently Purged.  The message, "Hi,the Garden of Eden", was
    sent from commit-grub  and was discovered in SMTP Messages\Inbound And
    Outbound
    located at JN-MAIL/First Administrative Group/JN-SVR002.
    
    
    
    Vendor Fix:
    -----------
    
    No fix on 0day
    
    Vendor Contact:
    ---------------
    
    Concurrent with this advisory.
    
    
    
    
    Credits:
    --------
    
    Donnie Werner
    http://exploitlabs.com
    morning_woodat_private
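An added example, not part of the original advisory or of any Sybari code: a mail administrator's audit that parses notices in the format of the two samples above and lists those that carry internal names to external recipients. The regular expression, the reading of the "located at" value as organization / administrative group / server, and the recipient addresses are assumptions made for this sketch.

```python
import re

# Template inferred from the two sample notices in the advisory (an assumption,
# not a vendor specification). The last three groups read the "located at"
# value as Exchange organization / administrative group / server name.
NOTICE_RE = re.compile(
    r'Antigen for Exchange found (?P<item>.+?) infected with VIRUS=\s*'
    r'(?P<virus>.+?) \((?P<engines>.*?)\) worm\. '
    r'The message is currently (?P<state>\w+)\. '
    r'The message, "(?P<subject>.*?)", was sent from (?P<sender>.+?) '
    r'and was discovered in (?P<scan_job>.+?) located at '
    r'(?P<org>[^/]+)/(?P<admin_group>[^/]+)/(?P<server>[^\s/.]+)'
)

def parse_notice(body):
    """Return the fields one notice discloses, or None if it is not a notice."""
    # Mail clients re-wrap the notice, so collapse all whitespace first.
    match = NOTICE_RE.search(" ".join(body.split()))
    return match.groupdict() if match else None

def audit_outbound(messages, internal_domains):
    """List notices that carry internal names to recipients outside our domains."""
    findings = []
    for recipient, body in messages:
        fields = parse_notice(body)
        domain = recipient.rsplit("@", 1)[-1].lower()
        if fields and domain not in internal_domains:
            findings.append((recipient, fields["org"], fields["admin_group"],
                             fields["server"], fields["scan_job"]))
    return findings

# The two notices quoted under "Samples" above, line wraps preserved.
SAMPLE_1 = r'''Antigen for Exchange found Unknown infected with VIRUS= JS/Kak@ (Norman)
worm.
The message is currently Purged.  The message, "[Full-Disclosure] MSN search
spoof", was
sent from morning_wood  and was discovered in SMTP Messages\Inbound
located at Wharton School/Student Mail/COURIER1.'''
SAMPLE_2 = r'''Antigen for Exchange found Unknown infected with VIRUS=
HTML.MimeExploit.Klez
(CA(Vet),Kaspersky) worm.
The message is currently Purged.  The message, "Hi,the Garden of Eden", was
sent from commit-grub  and was discovered in SMTP Messages\Inbound And
Outbound
located at JN-MAIL/First Administrative Group/JN-SVR002.'''

# Recipient addresses and the internal domain are constructed for this example.
OUTBOUND = [("poster@example.org", SAMPLE_1), ("helpdesk@corp.example", SAMPLE_2)]
```

Calling `audit_outbound(OUTBOUND, {"corp.example"})` returns only the first notice, since the second goes to an internal recipient.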
    


