[Mimedefang] MIMEDefang 2.21 is released - Important Security Note
Vincent Jaussaud
tatooin at kelkoo.com
Fri Sep 13 08:18:03 EDT 2002
If we upgrade to MD 2.21 + MIME-Tools RP, what happens with clean
multipart messages ?
Eg, will MD be able to distinguish clean multipart messages from
malicious ones (which suppose that MD will have to reassemble such
messages) or do we quarantine any of them ?
Cheers,
Vincent.
On Thu, 2002-09-12 at 17:55, David F. Skoll wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> MIMEDefang 2.21 is released. Also, a new version of the patched MIME-tools
> has been put on the MIMEDefang site. Get everything at:
>
> http://www.roaringpenguin.com/mimedefang/
>
> Aviram Jenik posted a note on Bugtraq:
>
> http://online.securityfocus.com/archive/1/291514
>
> detailing how to bypass SMTP security scanners. MIMEDefang 2.20 and
> earlier are vulnerable to this attack in their default configurations.
> I recommend performing *both* of the following steps
>
> 1) Upgrade to the new MIME-Tools suite from my Web site.
> 2) Upgrade to MIMEDefang 2.21. Be sure to upgrade your filter, too;
> see below.
>
> Note that either step (1) or (2) alone will thwart the attack; I
> still recommend doing both.
>
> If, for some reason, you do not want to upgrade, then put the following
> code in your filter() and filter_multipart() routines:
>
> # Block message/partial parts
> if (lc($type) eq "message/partial") {
> action_quarantine_entire_message("Message quarantined because of message/partial type");
> return action_discard();
> }
>
> The new sample filter does just that. Full changelog appended.
>
> Regards,
>
> David.
> 2002-09-12 David F. Skoll <dfs at roaringpenguin.com>
>
> * Version 2.21 RELEASED
>
> * Removed mime-tools-patch.txt. Instead, download the patched
> MIME-Tools tarball from the MIMEDefang site.
>
> * Documented $WarningLocation
>
> * SECURITY UPDATE: Default filter rejects attachments of type
> "message/partial". See
> http://online.securityfocus.com/archive/1/291514
>
> 2002-09-10 David F. Skoll <dfs at roaringpenguin.com>
>
> * mimedefang-multiplexor.c (statsLog): Do not log the date/time
> if we log stats using syslog; it's redundant. We still include
> a UNIX timestamp.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://quantumlab.net/pine_privacy_guard/
>
> iD4DBQE9gLkBxu9pkTSrlboRAlKWAKCJdY7sTkeXbnX+yyNlqDglO2iu3wCY0J3S
> GFG9WcEc02mC782D7DyAaQ==
> =Z185
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
--
Vincent Jaussaud
Kelkoo.com Security Manager
email: tatooin at kelkoo.com
"The UNIX philosophy is to design small tools that do one thing, and do
it well."
More information about the MIMEDefang
mailing list