MAILsweeper Archive File Filtering Bypass

high Nessus Plugin ID 14360

Synopsis

The remote SMTP server has a security bypass vulnerability.

Description

The remote host is running MAILsweeper, a content security solution for SMTP.

According to its banner, the remote version of MAILsweeper may allow an attacker to bypass the archive filtering settings of the remote server by sending an archive in one of the following formats: 7ZIP, ACE, ARC, BH, BZIP2, HAP, IMG, PAK, RAR or ZOO.

Solution

Upgrade to MAILsweeper 4.3.15 or later.

See Also

http://www.nessus.org/u?932e2128

Plugin Details

Severity: High

ID: 14360

File Name: mailsweeper_archive_filtering.nasl

Version: 1.12

Type: remote

Family: Misc.

Published: 8/23/2004

Updated: 7/14/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/13/2004

Reference Information

CVE: CVE-2003-0922, CVE-2003-0929, CVE-2003-0930

BID: 10940

Secunia: 12301