[Mimedefang] MIMEDefang 2.21 is released - Important Security Note

Rich West Rich.West at wesmo.com
Thu Sep 12 12:35:01 EDT 2002


Umm.. I just downloaded and built 2.21, but the mime-tools-patch.txt
file is not part of the distribution...

-Rich



David F. Skoll wrote:

 >Hi,
 >
 >MIMEDefang 2.21 is released.  Also, a new version of the patched MIME-tools
 >has been put on the MIMEDefang site.  Get everything at:
 >
 >	http://www.roaringpenguin.com/mimedefang/
 >
 >Aviram Jenik posted a note on Bugtraq:
 >
 >	http://online.securityfocus.com/archive/1/291514
 >
 >detailing how to bypass SMTP security scanners.  MIMEDefang 2.20 and
 >earlier are vulnerable to this attack in their default configurations.
 >I recommend performing *both* of the following steps
 >
 >1) Upgrade to the new MIME-Tools suite from my Web site.
 >2) Upgrade to MIMEDefang 2.21.  Be sure to upgrade your filter, too;
 >   see below.
 >
 >Note that either step (1) or (2) alone will thwart the attack; I
 >still recommend doing both.
 >
 >If, for some reason, you do not want to upgrade, then put the following
 >code in your filter() and filter_multipart() routines:
 >
 ># Block message/partial parts
 >if (lc($type) eq "message/partial") {
 >    action_quarantine_entire_message("Message quarantined because of message/partial type");
 >    return action_discard();
 >}
 >
 >The new sample filter does just that.  Full changelog appended.
 >
 >Regards,
 >
 >David.
 >2002-09-12  David F. Skoll  <dfs at roaringpenguin.com>
 >
 >	* Version 2.21 RELEASED
 >
 >	* Removed mime-tools-patch.txt.  Instead, download the patched
 >	MIME-Tools tarball from the MIMEDefang site.
 >
 >	* Documented $WarningLocation
 >
 >	* SECURITY UPDATE: Default filter rejects attachments of type
 >	"message/partial".  See
 >	http://online.securityfocus.com/archive/1/291514
 >
 >2002-09-10  David F. Skoll  <dfs at roaringpenguin.com>
 >
 >	* mimedefang-multiplexor.c (statsLog): Do not log the date/time
 >	if we log stats using syslog; it's redundant.  We still include
 >	a UNIX timestamp.
 >
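Added example, not from David's post or from MIMEDefang itself: a Python walker that applies the same rule as the Perl snippet in the quoted message to a whole MIME tree, flagging message/partial parts (case-insensitively, as lc($type) does) at any nesting depth so a fragmented attachment is quarantined instead of scanned piecemeal. The sample message, its boundary names and its addresses are constructed for the illustration.

```python
import email
from email import policy

# Constructed sample: a message/partial fragment (RFC 2046 section 5.2.2)
# hidden one level down inside a nested multipart/mixed container.
SAMPLE = b"""\
From: sender@example.test
To: rcpt@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain

Hello, this part is harmless.
--outer
Content-Type: multipart/mixed; boundary="inner"

--inner
Content-Type: Message/Partial; id="frag@example.test"; number=1; total=2

Message-ID: <hidden@example.test>
Content-Type: application/octet-stream

--inner--
--outer--
"""


def find_partial_parts(raw: bytes):
    """Return the index path of every message/partial part in the tree."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []

    def walk(part, path):
        # get_content_type() is already lower-cased, matching lc($type);
        # "Message/Partial" and "message/partial" are therefore the same.
        if part.get_content_type() == "message/partial":
            hits.append(path)
        # Recurse into every container, whatever its depth, so the check
        # covers the cases the filter() and filter_multipart() hooks see.
        if part.is_multipart():
            for i, sub in enumerate(part.iter_parts()):
                walk(sub, path + [i])

    walk(msg, [])
    return hits


def decide(raw: bytes) -> str:
    """Quarantine the whole message if any fragment part is present."""
    return "quarantine" if find_partial_parts(raw) else "accept"
```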