ID

VAR-200509-0144


CVE

CVE-2005-3027


TITLE

Sybari Antigen Filter rule bypass vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200509-195

DESCRIPTION

Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which allows remote attackers to bypass custom filter rules and send file attachments of arbitrary file types via a message with a subject of "Antigen forwarded attachment".

Sybari Antigen for Exchange/SMTP products are vulnerable to an attachment rule bypass vulnerability. A successful attack may result in arbitrary attachments and unwanted content being delivered to users. It should be noted that this issue does not disable or bypass antivirus scanning of attachments. Sybari Antigen v8.0 SR2 for Exchange and Sybari Antigen v8.0 SR2 for SMTP Gateways are reportedly vulnerable. Other versions may be affected as well.

Sybari Antigen is a multi-scanning engine solution that integrates eight different scanning engines from detection to execution in a single product, providing a higher level of security protection against today's malicious code attacks.

TITLE: Antigen for Exchange "Antigen forwarded attachment" Filter Bypass
SECUNIA ADVISORY ID: SA16759
VERIFY ADVISORY: http://secunia.com/advisories/16759/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE: From remote
SOFTWARE: Antigen 8.x http://secunia.com/product/5731/
DESCRIPTION: Alan G. The vulnerability is caused due to a design error in the processing of mails with the subject "Antigen forwarded attachment". This can be exploited to bypass certain custom filters for file attachments. The vulnerability has been reported in version 8.0 SR2. Some other issues which may be security related have also been reported by the vendor.
SOLUTION: Update to version 8.0 SR3 for Exchange (Build 1517). http://www.sybari.com/portal/alias__Rainbow/lang__en-US/tabID__3359/DesktopDefault.aspx
PROVIDED AND/OR DISCOVERED BY: Alan G. Monaghan, Gardner Publications, Inc

Trust: 1.35

sources: NVD: CVE-2005-3027 // BID: 14875 // VULHUB: VHN-14236 // PACKETSTORM: 40136

AFFECTED PRODUCTS

vendor: sybari, model: antigen, scope: eq, version: 8.0

Trust: 1.6

vendor: sybari, model: antigen for smtp gateways sr2, scope: eq, version: 8.0

Trust: 0.3

vendor: sybari, model: antigen for exchange sr2, scope: eq, version: 8.0

Trust: 0.3

sources: BID: 14875 // NVD: CVE-2005-3027 // CNNVD: CNNVD-200509-195

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2005-3027
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200509-195
value: MEDIUM

Trust: 0.6

VULHUB: VHN-14236
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

VULHUB: VHN-14236
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-14236 // NVD: CVE-2005-3027 // CNNVD: CNNVD-200509-195

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3027

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200509-195

TYPE

Design Error

Trust: 0.9

sources: BID: 14875 // CNNVD: CNNVD-200509-195

CONFIGURATIONS

sources: NVD: CVE-2005-3027

EXTERNAL IDS

db: BID, id: 14875

Trust: 2.0

db: SECUNIA, id: 16759

Trust: 1.8

db: SECTRACK, id: 1014934

Trust: 1.7

db: NVD, id: CVE-2005-3027

Trust: 1.7

db: SREASON, id: 15

Trust: 1.7

db: CNNVD, id: CNNVD-200509-195

Trust: 0.7

db: XF, id: 22327

Trust: 0.6

db: BUGTRAQ, id: 20050919 ANTIGEN 8.0 FOR EXCHANGE/SMTP RULE VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-14236

Trust: 0.1

db: PACKETSTORM, id: 40136

Trust: 0.1

sources: VULHUB: VHN-14236 // BID: 14875 // PACKETSTORM: 40136 // NVD: CVE-2005-3027 // CNNVD: CNNVD-200509-195

REFERENCES

url:http://secunia.com/advisories/16759/

Trust: 1.8

url:http://www.securityfocus.com/bid/14875

Trust: 1.7

url:http://securitytracker.com/id?1014934

Trust: 1.7

url:http://securityreason.com/securityalert/15

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/22327

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=112714679622107&w=2

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/22327

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=112714679622107&w=2

Trust: 0.6

url:http://www.sybari.com/

Trust: 0.3

url:/archive/1/411062

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=112714679622107&w=2

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://www.sybari.com/portal/alias__rainbow/lang__en-us/tabid__3359/desktopdefault.aspx

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/5731/

Trust: 0.1

sources: VULHUB: VHN-14236 // BID: 14875 // PACKETSTORM: 40136 // NVD: CVE-2005-3027 // CNNVD: CNNVD-200509-195

CREDITS

Discovered by Alan G. Monaghan.

Trust: 0.9

sources: BID: 14875 // CNNVD: CNNVD-200509-195

SOURCES

db: VULHUB, id: VHN-14236
db: BID, id: 14875
db: PACKETSTORM, id: 40136
db: NVD, id: CVE-2005-3027
db: CNNVD, id: CNNVD-200509-195

LAST UPDATE DATE

2023-12-18T14:06:56.419000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-14236, date: 2017-07-11T00:00:00
db: BID, id: 14875, date: 2005-09-19T00:00:00
db: NVD, id: CVE-2005-3027, date: 2017-07-11T01:33:05.110
db: CNNVD, id: CNNVD-200509-195, date: 2005-10-20T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-14236, date: 2005-09-21T00:00:00
db: BID, id: 14875, date: 2005-09-19T00:00:00
db: PACKETSTORM, id: 40136, date: 2005-09-22T05:13:44
db: NVD, id: CVE-2005-3027, date: 2005-09-21T22:03:00
db: CNNVD, id: CNNVD-200509-195, date: 2005-09-21T00:00:00