[Mimedefang] MIMEDefang 2.21 is released - Important Security Note

Jay DeSotel jay at interl.net
Thu Sep 12 12:35:06 EDT 2002


<SNIP>
> * Removed mime-tools-patch.txt.  Instead, download the patched
>   MIME-Tools tarball from the MIMEDefang site.
</SNIP>

--
Jay DeSotel

On Thu, 12 Sep 2002, Rich West wrote:

> Umm.. I just downloaded and built 2.21, but the mime-tools-patch.txt
> file is not part of the distribution...
>
> -Rich
>
>
>
> David F. Skoll wrote:
>
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Hi,
> >
> >MIMEDefang 2.21 is released.  Also, a new version of the patched MIME-tools
> >has been put on the MIMEDefang site.  Get everything at:
> >
> >	http://www.roaringpenguin.com/mimedefang/
> >
> >Aviram Jenik posted a note on Bugtraq:
> >
> >	http://online.securityfocus.com/archive/1/291514
> >
> >detailing how to bypass SMTP security scanners.  MIMEDefang 2.20 and
> >earlier are vulnerable to this attack in their default configurations.
> >I recommend performing *both* of the following steps:
> >
> >1) Upgrade to the new MIME-Tools suite from my Web site.
> >2) Upgrade to MIMEDefang 2.21.  Be sure to upgrade your filter, too;
> >   see below.
> >
> >Note that either step (1) or (2) alone will thwart the attack; I
> >still recommend doing both.
> >
> >If, for some reason, you do not want to upgrade, then put the following
> >code in your filter() and filter_multipart() routines:
> >
> ># Block message/partial parts
> >if (lc($type) eq "message/partial") {
> >    action_quarantine_entire_message("Message quarantined because of message/partial type");
> >    return action_discard();
> >}
> >
> >The new sample filter does just that.  Full changelog appended.
> >
> >Regards,
> >
> >David.
> >2002-09-12  David F. Skoll  <dfs at roaringpenguin.com>
> >
> >	* Version 2.21 RELEASED
> >
> >	* Removed mime-tools-patch.txt.  Instead, download the patched
> >	MIME-Tools tarball from the MIMEDefang site.
> >
> >	* Documented $WarningLocation
> >
> >	* SECURITY UPDATE: Default filter rejects attachments of type
> >	"message/partial".  See
> >	http://online.securityfocus.com/archive/1/291514
> >
> >2002-09-10  David F. Skoll  <dfs at roaringpenguin.com>
> >
> >	* mimedefang-multiplexor.c (statsLog): Do not log the date/time
> >	if we log stats using syslog; it's redundant.  We still include
> >	a UNIX timestamp.
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.0.6 (GNU/Linux)
> >Comment: For info see http://quantumlab.net/pine_privacy_guard/
> >
> >iD4DBQE9gLkBxu9pkTSrlboRAlKWAKCJdY7sTkeXbnX+yyNlqDglO2iu3wCY0J3S
> >GFG9WcEc02mC782D7DyAaQ==
> >=Z185
> >-----END PGP SIGNATURE-----
> >
> >_______________________________________________
> >MIMEDefang mailing list
> >MIMEDefang at lists.roaringpenguin.com
> >http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
> >
> >
>
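
The `message/partial` check from the quoted announcement, as an added example that is not part of the original thread or of MIMEDefang: a stand-alone Python sketch (the filter itself is Perl) that walks a parsed message and reports every `message/partial` part at any nesting depth. The function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.message import Message

def find_partial_parts(msg: Message, path: str = "1") -> list:
    """Return one record per message/partial part, at any nesting depth."""
    hits = []
    # get_content_type() lowercases the type, like lc($type) in the filter.
    if msg.get_content_type() == "message/partial":
        hits.append({"path": path, "id": msg.get_param("id"),
                     "number": msg.get_param("number"), "total": msg.get_param("total")})
    # The stdlib parser exposes multipart children and message/* bodies as sub-parts.
    if msg.is_multipart():
        for i, child in enumerate(msg.get_payload(), start=1):
            hits.extend(find_partial_parts(child, f"{path}.{i}"))
    return hits

def verdict(raw: str) -> str:
    """Quarantine the whole message if any part is message/partial."""
    return "quarantine" if find_partial_parts(message_from_string(raw)) else "accept"

# Constructed sample input (not taken from the advisory).
TOP_LEVEL_FRAGMENT = (
    "From: a@constructed.example\n"
    "Content-Type: Message/Partial; id=\"x1@constructed.example\"; number=2; total=3\n"
    "\n"
    "opaque slice of a larger message\n"
)
NESTED_FRAGMENT = (
    "From: a@constructed.example\n"
    "Content-Type: multipart/mixed; boundary=\"frontier\"\n"
    "\n"
    "--frontier\n"
    "Content-Type: text/plain\n"
    "\n"
    "see attachment\n"
    "--frontier\n"
    "Content-Type: message/partial; id=\"x2@constructed.example\"; number=1; total=2\n"
    "\n"
    "Subject: inner\n"
    "\n"
    "first slice\n"
    "--frontier--\n"
)
ORDINARY = "From: a@constructed.example\nContent-Type: text/plain\n\nhello\n"

if __name__ == "__main__":
    for name, raw in [("top", TOP_LEVEL_FRAGMENT), ("nested", NESTED_FRAGMENT), ("plain", ORDINARY)]:
        print(name, verdict(raw), find_partial_parts(message_from_string(raw)))
```

The `number` and `total` values show why a per-message scanner cannot judge such a part: each fragment carries only a slice of the original message, so the whole message is quarantined on the type alone.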
