Fragmented Email Bypass in GFI MailSecurity, InterScan VirusWall, and MIMEDefang
CVE-2002-1121

Currently unrated

Key Information:

Vendor: Gfi
Status: Mailsecurity; Interscan Viruswall; Mimedefang; Webshield Smtp
Vendor: CVE Published:; 24 September 2002

What is CVE-2002-1121?

SMTP content filter engines like GFI MailSecurity, InterScan VirusWall, and MIMEDefang are vulnerable due to improper detection of fragmented emails according to RFC2046. These vulnerabilities allow remote attackers to avoid content filtering mechanisms, including virus scanning, by exploiting message/partial content types present in fragmented emails. The default configurations of these products may not address this security gap, leading to potential exploitation of email systems.

References

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/...

mailing-listx_refsource_VULNWATCH

http://marc.info/?l=bugtraq&m=103184267105132&w=2

mailing-listx_refsource_BUGTRAQ

http://archives.neohapsis.com/archives/bugtraq/2002-09/01...

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Sep 24, 2002
Vulnerability Reserved
Sep 11, 2002

Gfi

What is CVE-2002-1121?

References

Timeline