SMTP Proxy Bypass in WatchGuard Firebox 2500 and 4500
CVE-2001-0692

Currently unrated

Key Information:

Vendor: Watchguard
Status: Firebox 2500; Firebox 4500
Vendor: CVE Published:; 20 September 2001

Summary

The WatchGuard Firebox 2500 and 4500 models, running versions 4.5 and 4.6, contain a vulnerability in the SMTP proxy that permits remote attackers to circumvent firewall filtering mechanisms. This is accomplished by exploiting specially crafted base64 MIME encoded email attachments whose boundary names end in two dashes. This vulnerability could potentially allow unauthorized access to internal networks, posing a significant risk to the security posture of affected systems.

References

http://marc.info/?l=bugtraq&m=99379787421319&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/189783

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/6682

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 20, 2001
Vulnerability Reserved
Aug 29, 2001