| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Jul 2005 18:08:01 +0200 From: "Alexander Hagenah" <webmaster@...mepage.de> To: <bugtraq@...urityfocus.com> Subject: 05_07_14-bitdefender_malicious_content_bypass --/ INTRODUCTION -- Advisory : 05_07_14-bitdefender_malicious_content_bypass Release Date : 14. July 2005 Application : BitDefender Antivirus Impact : Malicious content bypass Author : Alexander 'xaitax' Hagenah [ah at primepage dot de] --/ SYSTEMS AFFECTED -- BitDefender running on Linux/BSD * Engine 1.6.1 and prior --/ VENDOR -- Informed : 04. July 2005 Response : 05. July 2005 Patched : 13. July 2005 --/ ABOUT -- BitDefender Antivirus & Antispam for Linux and FreeBSD Mail Servers The BitDefender solutions for Mail Servers running on Linux and FreeBSD platforms provide content security at the gateway level, by scanning all the inbound and outbound e-mail traffic for malware and spam. --/ SUMMARY -- The BitDefender-Mail Server Scan-Engine is vulnerable against a simple attachment `attack'. A Scan-Engine normally splits a mail into header, body and attachments. So the Scan-Engine is easily able to scan all the attachments in it's origin format. If there is more than one element, it simply jumps to the following and does it's job again. Not this one - in this engine only the first element is counted and scanned. If there is more than one attachment, the following ones are ignored. So you could simply add somewhere into the mail the following lines: .-- | begin | end `-- Now the engine expect this to be the first attachment and stops scanning the mail. So there is no problem to add an attachment with malicious content which will be ignored by the BitDefender scanner. This only depends to UUencoded mails. For more information about UUencode take a look at http://en.wikipedia.org/wiki/Uuencode. --/ REPRODUCE -- If the engine is somewhere productive running, you can test it - maybe with EICAR as attachment - and put into the body the begin/end content. If not, there is a evaluation version to download on the bitdefender-page. --/ PATCH -- The patch is automatically downloaded by the bitdefender update engine. It works with all versions, because all updates are transferred into Plugins/ directory. --/ CONTACT -- This advisory is provided by: - ( x a i t a x - s e c u r i t y ) - http://xaitax.de | ah at primepage dot de top concepts Internetmarketing GmbH http://topconcepts.de | hagenah at topconcepts dot de
Powered by blists - more mailing lists