FreeBSD : ripMIME -- decoding bug allowing content filter bypass (85e19dff-e606-11d8-9b0a-000347a4fa7d)

high Nessus Plugin ID 37039

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

ripMIME may prematurely terminate decoding Base64 encoded messages when it encounters multiple blank lines or other non-standard Base64 constructs. Virus scanning and content filtering tools that use ripMIME may therefore be bypassed.

The ripMIME CHANGELOG file says :

There's viruses going around exploiting the ability to hide the majority of their data in an attachment by using blank lines and other tricks to make scanning systems prematurely terminate their base64 decoding.

Solution

Update the affected package.

See Also

http://www.pldaniels.com/ripmime/CHANGELOG

http://www.nessus.org/u?78a982a4

http://www.nessus.org/u?8b72f325

Plugin Details

Severity: High

ID: 37039

File Name: freebsd_pkg_85e19dffe60611d89b0a000347a4fa7d.nasl

Version: 1.18

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:ripmime

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/27/2004

Vulnerability Publication Date: 7/30/2004

Reference Information

CVE: CVE-2004-2619

BID: 10848

Secunia: 12201