[Mimedefang] OT: new extension type vulnerability .B64, .BHX, .HQX, .MIM, .UUE, .UU, and .XXE filetypes

Lucas Albers albersl at cs.montana.edu
Mon Mar 1 18:04:37 EST 2004


There is a buffer overrun that affects WinZip 6.2 through 9.0beta.
This is exploitable via a carefully crafted file type (see file types
below). Vulnerability information:
http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true



We are contemplating how to protect against this.
1.) Upgrade all users to WinZip 9.0.
2.) Remove attachment association from the following extensions, via mass
registry hack.

Which, according to the WinZip site,
http://www.winzip.com/fmwz90.htm

are these filetypes:
.B64, .BHX, .HQX, .MIM, .UUE, .UU, and .XXE filetypes,

3.) Block these additional attachment types at the server.

4.) Wait for virus updates from our vendor after the fact.
This just screams for a virus.


I think the easiest course of action would be to:

Block these file types at the mail server via extension blocking:

","


These file types except for HQX are not normally sent.


> WinZip MIME Parsing Buffer Overflow Vulnerability
>
> iDEFENSE Security Advisory 02.27.04a:
>
> http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true
> February 27, 2004
>
Ideas, comments?

-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
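
A stand-alone Python sketch of the extension check proposed in the message above, added here as an example (it is not from the original post and is not MIMEDefang filter code). The sample message, function names and regular expression are constructed for illustration; the extension list is the one quoted in the post. It checks both places a MIME part can declare a file name, since they can differ, and tolerates case changes and trailing dots.

```python
import re
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Extensions listed in the post (from the WinZip page it cites).
BLOCKED_EXTS = ("b64", "bhx", "hqx", "mim", "uue", "uu", "xxe")
# Anchor at the end of the name; allow trailing dots or spaces after the extension.
BLOCKED_RE = re.compile(r"\.(?:%s)[.\s]*$" % "|".join(BLOCKED_EXTS), re.IGNORECASE)

def declared_names(part):
    """Return every file name a MIME part declares (the two headers can disagree)."""
    names = []
    for header, param in (("content-disposition", "filename"), ("content-type", "name")):
        value = part.get_param(param, header=header)
        if value is None:
            continue
        if isinstance(value, tuple):  # RFC 2231 encoded parameter
            value = collapse_rfc2231_value(value)
        names.append(value)
    return names

def blocked_attachments(raw_message):
    """Return the declared names that end in a blocked extension."""
    msg = message_from_string(raw_message)
    return [n for part in msg.walk() for n in declared_names(part) if BLOCKED_RE.search(n)]

# Constructed sample message (not real mail).
SAMPLE = """\
From: a@example.org
To: b@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"

data
--BOUND
Content-Type: application/octet-stream; name="Archive.UUE"
Content-Disposition: attachment; filename="archive.txt"

data
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=us-ascii''notes.mim.

data
--BOUND--
"""
```
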


