From: Rainer L. <li...@su...> - 2000-07-27 15:31:34
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AMaViS Security Announcement Date: 07/27/2000 affected version(s): AMaViS 0.2.0-pre6-clm-rl-8-04-07-2000 and later if reformime below 1.01 is used (AMaViS-Perl is NOT affected) Vulnerability Type: attacker could pass virus through AMaViS / Denial-of-Service attack against AMaViS Priority: urgent Solution: apply patch / update reformime Author: Rainer Link <li...@su...> Advisory ID: ASA-2000-2 - --------------------------------------------------------------------------- 1. Problem description AMaViS uses reformime, part of the maildrop package, to split eMail messages in its parts. reformime version below 1.0 (tested with 0.76b) overwrite files with the same file names. reformime version 1.0 tries to avoid overwritting files but a bug causes an endless loop. 2. Impact reformime below 1.0: an attacker can create an eMail message with two attachments with the same file name. The first file contains a virus, the second one is clean. reformime overwrites the first one with the second. Therefore no virus is detected and the mail will be delivered to user(s). reformime 1.0 tries to avoid clobbering of existing files but due to a bug it will end up in an endless loop. This could be used as a denial-of-service attack against AMaViS. 3. Solution Apply the provided patch for reformime 1.0. Or update to maildrop 1.01, which will be released soon according to the author. Or if possible use AMaViS-Perl instead, which uses a Perl module for MIME handling. 4. Acknowledgment This bug was discovered by Rainer Link. We would like to thank Sam Varshavchik, the author of maildrop, for providing a patch quickly. 5. References reformime, part of the maildrop package, can be found at http://www.flounder.net/~mrsam/maildrop/ 6. Revision History 07/27/2000: initial release =========================================================================== - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDjaUVwRBACPlluFzjLsjxV4ynz41Zk1S2GLF1/U3xE2HNcfk+a2Ij6sH64O yPtBR9WX9x/QW3g9LnW86DHWgnh408D7jtd4/imJDyiNGqMregmkDjEWa6TIsXwB RlG/DRpFbfwc4yRqQPklcgCIH/KlxgkJ1QTezpltRiQBfpWZKOrA1tLGGwCgw4/o pU+RdnilbrDc6MZx7WQkzKED+QEUt4/++VyvPZjQCOmxFk4GpQZNP99D40eJFwyx JkRGVl4f1wAgi0Q3NSSJyl1j9qGxz0c8DmR1F0yJtyg8+fqpKomtg+lHasvELom4 g0cGjnjtwx7sgtga4BIxUUpWTZLkMftWQigWgwWp3e5b6RCfHTUxuOUtgBBmjQB8 x04ABACNTYjjBcUKJYzp3Hx8wz39MVznYl8KXuXHIGY0ccbPmv3J6zjXvSr4++AZ +U1qUSGJUyW0xpSWnsxHRI/qkiI5KPNbLYPFMbYjLHH2H5grjdnw7X71NAEW13Mv 0V9Fgs1mn93BkVn8V+U8vGPcgwTegcEWCe6V06HZD6Ep46W7drQnUmFpbmVyIEhl cm1hbm4gTGluayA8UmFpbmVyTGlua0BnbXguZGU+iFYEExECABYFAjjaUVwECwoE AwMVAwIDFgIBAheAAAoJEJsaBUwTtEB5iDoAoI+nE3VeD0gGtuaTHhLmKPA7rfmJ AKCf+H996kGJ65ZmqWsTrV2iuyqniIkBIgQQAQEADAUCONuGTwUDAeEzgAAKCRCX VPlSyTX7PUP3CACZG7hK9GMg7gL2pWs6ZEPC+ANUGh3KL5F/cYjngQJf+YABXvJ/ g8Up0voHooSq+lGQMxPZjK2sxLF/aOkmRW+r/uC1pxwbAOLgRRC/X33CVA+XhJ0r UvYJGHUjDRoe690vWkxyDDCVGVlsD3+5w7Ljsq0hoiRFF+32HyJzHY1bcC3d+W5V IPBze9bJvcDspJbCOXVc87d2tOfYR85mdOcsotNhAZJWtZvBkhj9xvxlu8BrAOUe e+1ZbeMNlrDnmMGMYc2kF4gSbAHfmYR9Zepng60s5rWktEUzlJoUDRPKI2FmNT3E K9dycZXhsdcDUnzAimm4MrvEn2pexSC2rE4NtCJSYWluZXIgSGVybWFubiBMaW5r IDxsaW5rQHN1c2UuZGU+iFUEExECABYFAjlosj0ECwoEAwMVAwIDFgIBAheAAAoJ EJsaBUwTtEB5yj0AniSu6k2wR6LF122b5aUVUwhXoHtlAJdMS/Gijbx8m4MI9thX qXp5azRNtClSYWluZXIgSGVybWFubiBMaW5rIDxSYWluZXIuTGlua0BzdXNlLmRl PohWBBMRAgAWBQI5aLJjBAsKBAMDFQMCAxYCAQIXgAAKCRCbGgVME7RAeWHEAJ45 eGd260EM04tUuIhh2fxI0RyhPwCfVU8nrwC7pbwj7Dsa07fvwE0soYW5Ag0EONpS FBAIAJoCSZEyxdupx95EPn8XPGV7ugg+5BMIDTA6J30HD78RQQkDQCBMTDLCcMpz uukxXByAUMUNpf8RlZEN9U582BjdPYNYRa4VP5QJbvpjC08YeWQs+sD3n0HT/ArL FGlC+rSf1vJoaKI2ggTlRV1L04yEhCEH9zQDPKjFH4aIci2IghOJB/xZaRF69khN IlifD8SglIQ9FcEhc5+sUIZdeu/+XVlgwgBc4XF7+W40PNZ4uXMhElbzGP5jqTdo nFS+AlV/OsElQ+ma4atZicfVjRaVTxovAl91ZeVr5v7XGvpvh3rmtOyP/pVYf4ii 5Y6nu8OFXGo4Bsx3FqSZkQ2jh3cAAwUIAICCSuAuPCYaKYA168gNDZjsadQNhCpw 2o7zsKpSmQ6hxd4aRQ1TO631nNDx2D+/ffk7ET5VT3n4gezUn2ITZHdrTk1GUpLR 3czoMZIBL6Eit9mEmRe1XZ/3Q5lEUZHm8wEqqIZPPVhxZAFXDBucQlPO1lFKd8rM UC+3+oU7RF9PpwzdQ+d/iMGmFMKXTH7o2qRV64cVMkWuMpMQARfA+i3YGPqqZfIb dlMHXJ0oA32+eTUqOTtucD64XvcYSUQQ1tsHeijvrHq71zLfL6t1Dhwt+JDRMz3S fDggxQs2oaB9Y+rxfbX7ajcHl0rc67sTTC+wDXIq+25FhnYPu+NV6kmIRgQYEQIA BgUCONpSFAAKCRCbGgVME7RAeTYdAKCifLnHBBVPhcSRRffljCryGujZJQCfYcrQ VrZ22GYrSJJn3sNjQKAHd3w= =Fsd9 - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5gFSamxoFTBO0QHkRAgLyAKC1i59LIB07e5V9r+wIg9kR3Dp6aQCfR3Nb p8/9+2qTYbOksmM+9uGIeuM= =bpQK -----END PGP SIGNATURE----- -- Rainer Link, SuSE GmbH, eMail: li...@su..., Web: www.suse.de Developer of A Mail Virus Scanner (AMaViS): http://amavis.org/ Founder of Linux AntiVirus Project: http://lavp.sourceforge.net/ |