[Mimedefang] OT:new extension type vulnerablity.B64, .BHX, .HQX, .MIM, .UUE, .UU, and .XXE filetypes
Lucas Albers
albersl at cs.montana.edu
Mon Mar 1 18:04:37 EST 2004
There is a buffer overrun that affects winzip 6.2 through 9.0beta.
This is exploitable via a carefully crafted file type (see file types
below.) Vulnerability information:
http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true
We are contemplating how to protect against this.
1.) Upgrade all users to Winzip 9.0.
2.) Remove attachment association from the following extensions, via mass
registry hack.
Which according to the winzip site,
http://www.winzip.com/fmwz90.htm
are these filetypes:
.B64, .BHX, .HQX, .MIM, .UUE, .UU, and .XXE filetypes,
3.) Block these additional attachment types at the server.
4.) Wait for virus updates from our vendor after the fact.
This just screams for a virus.
I think the easiest course of action would be to:
Block these file types at the mail server via extension blocking:
","
These file types except for HQX are not normally sent.
> WinZip MIME Parsing Buffer Overflow Vulnerability
>
> iDEFENSE Security Advisory 02.27.04a:
>
http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true
> February 27, 2004
>
Ideas, comments?
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
More information about the MIMEDefang
mailing list