[Mimedefang] MIMEDefang 2.21 is released - Important Security Note

Vincent Jaussaud tatooin at kelkoo.com
Fri Sep 13 08:18:03 EDT 2002


If we upgrade to MD 2.21 + MIME-Tools RP, what happens with clean
multipart messages?

E.g., will MD be able to distinguish clean multipart messages from
malicious ones (which supposes that MD will have to reassemble such
messages) or do we quarantine any of them?

Cheers,
Vincent.

On Thu, 2002-09-12 at 17:55, David F. Skoll wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> MIMEDefang 2.21 is released.  Also, a new version of the patched MIME-tools
> has been put on the MIMEDefang site.  Get everything at:
> 
> 	http://www.roaringpenguin.com/mimedefang/
> 
> Aviram Jenik posted a note on Bugtraq:
> 
> 	http://online.securityfocus.com/archive/1/291514
> 
> detailing how to bypass SMTP security scanners.  MIMEDefang 2.20 and
> earlier are vulnerable to this attack in their default configurations.
> I recommend performing *both* of the following steps:
> 
> 1) Upgrade to the new MIME-Tools suite from my Web site.
> 2) Upgrade to MIMEDefang 2.21.  Be sure to upgrade your filter, too;
>    see below.
> 
> Note that either step (1) or (2) alone will thwart the attack; I
> still recommend doing both.
> 
> If, for some reason, you do not want to upgrade, then put the following
> code in your filter() and filter_multipart() routines:
> 
> # Block message/partial parts
> if (lc($type) eq "message/partial") {
>     action_quarantine_entire_message("Message quarantined because of message/partial type");
>     return action_discard();
> }
> 
> The new sample filter does just that.  Full changelog appended.
> 
> Regards,
> 
> David.
> 2002-09-12  David F. Skoll  <dfs at roaringpenguin.com>
> 
> 	* Version 2.21 RELEASED
> 
> 	* Removed mime-tools-patch.txt.  Instead, download the patched
> 	MIME-Tools tarball from the MIMEDefang site.
> 
> 	* Documented $WarningLocation
> 
> 	* SECURITY UPDATE: Default filter rejects attachments of type
> 	"message/partial".  See
> 	http://online.securityfocus.com/archive/1/291514
> 
> 2002-09-10  David F. Skoll  <dfs at roaringpenguin.com>
> 
> 	* mimedefang-multiplexor.c (statsLog): Do not log the date/time
> 	if we log stats using syslog; it's redundant.  We still include
> 	a UNIX timestamp.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://quantumlab.net/pine_privacy_guard/
> 
> iD4DBQE9gLkBxu9pkTSrlboRAlKWAKCJdY7sTkeXbnX+yyNlqDglO2iu3wCY0J3S
> GFG9WcEc02mC782D7DyAaQ==
> =Z185
> -----END PGP SIGNATURE-----
-- 
Vincent Jaussaud
Kelkoo.com Security Manager 
email: tatooin at kelkoo.com

"The UNIX philosophy is to design small tools that do one thing, and do
it well."
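
Added example, not part of the original thread and not MIMEDefang code: a Python standard-library stand-in for the quoted workaround's `lc($type) eq "message/partial"` test, showing that the check keys on the `message/partial` content type at any depth and leaves ordinary `multipart/*` mail alone. The sample messages, addresses and function names are constructed for illustration.

```python
import email

def find_partial_parts(raw_message):
    """Return (id, number, total) for every message/partial part, at any depth."""
    msg = email.message_from_string(raw_message)
    hits = []
    for part in msg.walk():  # visits container parts and leaf parts alike
        # get_content_type() is already lowercased, like lc($type) in the filter
        if part.get_content_type() == "message/partial":
            hits.append(tuple(part.get_param(p) for p in ("id", "number", "total")))
    return hits

def verdict(raw_message):
    """Same policy as the workaround: quarantine on any message/partial part."""
    return "quarantine" if find_partial_parts(raw_message) else "pass"

# Constructed sample messages (not taken from the advisory).
HEAD = ["From: sender@example.invalid", "MIME-Version: 1.0"]
CLEAN_MULTIPART = "\n".join(HEAD + [
    'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "hello",
    "--b1", "Content-Type: application/octet-stream",
    "Content-Transfer-Encoding: base64", "", "aGVsbG8=",
    "--b1--", ""])
FRAGMENT = "\n".join(HEAD + [
    'Content-Type: Message/Partial; id="frag-1@example.invalid"; number=1; total=2',
    "", "Content-Type: text/plain", "", "first half of the body", ""])
NESTED_FRAGMENT = "\n".join(HEAD + [
    'Content-Type: multipart/mixed; boundary="b2"', "",
    "--b2", "Content-Type: text/plain", "", "see attached",
    "--b2",
    'Content-Type: message/partial; id="frag-2@example.invalid"; number=2; total=2',
    "", "second half of the body",
    "--b2--", ""])

if __name__ == "__main__":
    for name, raw in [("clean multipart", CLEAN_MULTIPART),
                      ("top-level fragment", FRAGMENT),
                      ("nested fragment", NESTED_FRAGMENT)]:
        print(name, "->", verdict(raw), find_partial_parts(raw))
```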
