[Mimedefang] MIMEDefang 2.21 is released - Important Security Note
David F. Skoll
dfs at roaringpenguin.com
Thu Sep 12 11:56:02 EDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
MIMEDefang 2.21 is released. Also, a new version of the patched MIME-tools
has been put on the MIMEDefang site. Get everything at:
http://www.roaringpenguin.com/mimedefang/
Aviram Jenik posted a note on Bugtraq:
http://online.securityfocus.com/archive/1/291514
detailing how to bypass SMTP security scanners. MIMEDefang 2.20 and
earlier are vulnerable to this attack in their default configurations.
I recommend performing *both* of the following steps
1) Upgrade to the new MIME-Tools suite from my Web site.
2) Upgrade to MIMEDefang 2.21. Be sure to upgrade your filter, too;
see below.
Note that either step (1) or (2) alone will thwart the attack; I
still recommend doing both.
If, for some reason, you do not want to upgrade, then put the following
code in your filter() and filter_multipart() routines:
# Block message/partial parts
if (lc($type) eq "message/partial") {
action_quarantine_entire_message("Message quarantined because of message/partial type");
return action_discard();
}
The new sample filter does just that. Full changelog appended.
Regards,
David.
2002-09-12 David F. Skoll <dfs at roaringpenguin.com>
* Version 2.21 RELEASED
* Removed mime-tools-patch.txt. Instead, download the patched
MIME-Tools tarball from the MIMEDefang site.
* Documented $WarningLocation
* SECURITY UPDATE: Default filter rejects attachments of type
"message/partial". See
http://online.securityfocus.com/archive/1/291514
2002-09-10 David F. Skoll <dfs at roaringpenguin.com>
* mimedefang-multiplexor.c (statsLog): Do not log the date/time
if we log stats using syslog; it's redundant. We still include
a UNIX timestamp.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD4DBQE9gLkBxu9pkTSrlboRAlKWAKCJdY7sTkeXbnX+yyNlqDglO2iu3wCY0J3S
GFG9WcEc02mC782D7DyAaQ==
=Z185
-----END PGP SIGNATURE-----
More information about the MIMEDefang
mailing list