Notified: September 04, 2002 Updated: September 13, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 13, 2002 Updated: September 18, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The following response from Check Point appears in the SecuriTeam advisory:

Neither the latest 4.1 nor the latest NG versions of FW-1 are vulnerable to this problem. A few details follow:

1. FW-1 does not directly analyze the body of attachments. In that respect, the vulnerability is not applicable to FW-1.
2. FW-1 has the capability to easily filter these types of messages, by specifying "message/partial" in the "Strip MIME of type:" section of the resource definition.
3. FW-1 does serve as a platform for third party vendors to check attachments for viruses via the "CVP" OPSEC mechanism. When defining a CVP server, a message box is presented to the administrator (when approving the resource) that says: "When CVP server is used it is recommended to strip MIME of type 'message/partial'. Do you want to add 'message/partial'?" Pressing "Yes" will automatically add 'message/partial' to the appropriate place in the resource definition.

We therefore believe it is safe to say that not only are we not vulnerable to this problem ourselves, we also protect 3rd party OPSEC partners from falling for this pitfall.
Updated: September 13, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 04, 2002 Updated: September 18, 2002
Affected
Internal evaluation has revealed that Command AntiVirus(tm) for Microsoft Exchange is vulnerable. Command is working on a possible solution. Additionally, should known malicious code be delivered to a client in this manner, the Command AntiVirus will detect it when the message is reassembled to the client computer.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 04, 2002 Updated: September 13, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 04, 2002 Updated: September 13, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 10, 2002 Updated: September 13, 2002
Not Affected
Finjan Software products are not vulnerable. SurfinGate for E-Mail reassembles fragmented messages, and then performs security analysis and applies content management rules. SurfinShield is installed on end users' machines, gets the reassembled message from the E-Mail client, and proactively monitors the behavior of active content included or attached to the E-Mail message.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 04, 2002 Updated: September 18, 2002
Not Affected
F-Secure is not vulnerable. The F-Secure products recognize multipart messages and contain settings that enable the administrator to control the handling of such messages.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 13, 2002 Updated: September 18, 2002
Affected
GFI MailSecurity for Exchange/SMTP 7.2 has been updated to detect this exploit as "fragmented message" through its email exploit detection engine and quarantines it at server level.

We also have released an advisory: http://www.gfi.com/news/en/GFISEC16092002.htm
As well as an online test: http://www.gfi.com/emailsecuritytest/
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 13, 2002 Updated: September 18, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 18, 2002
Affected
Hello,

We at Roaring Penguin Software Inc. have updated our products to deal with the vulnerability at http://online.securityfocus.com/archive/1/291514

MIMEDefang: We have released version 2.21 of MIMEDefang at http://www.roaringpenguin.com/mimedefang/ The default filter blocks message/partial types.

CanIt: We have released version 1.2-F17 of our commercial CanIt anti-spam solution. This release is based on MIMEDefang 2.21.

MIME-Tools: We have updated our patched version of MIME-Tools at http://www.roaringpenguin.com/mimedefang/MIME-tools-5.411a-RP-Patched.tar.gz MIME-Tools is a Perl module for parsing MIME messages. The patched version now can descend into message/partial as well as message/rfc822 attachments. Our patched version also fixes various other vulnerabilities in the official package (see http://online.securityfocus.com/archive/1/275282)

Regards,
David.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 04, 2002 Updated: September 13, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 04, 2002 Updated: September 18, 2002
Not Affected
Symantec has been aware for some time of the potential malicious use of this email feature. As a result, all currently supported Symantec gateway products, by default, block multi-part MIME messages at the gateway. While this is a configurable feature of Symantec gateway products and can be enabled if multi-part email is required, the rejection of segmented messages should be a part of a company's comprehensive security policy to restrict potentially harmful content from the internal network. Additionally, should known malicious code be delivered to a client computer in this manner, the Symantec and Norton AntiVirus scanning products will detect it when it is reassembled and downloaded to the client computer and/or during attempted execution on the targeted computer. As always, if previously unknown malicious code is being distributed in this manner, Symantec Security Response will react and send updated virus definitions via LiveUpdate to detect the new threat.
The vendor has not provided us with any further information regarding this vulnerability.
Symantec has published this advisory.
Notified: September 04, 2002 Updated: September 13, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The following response from GFI appears in the SecuriTeam advisory:

We have confirmed that our product InterScan VirusWall 3.5x for NT is affected by the vulnerability mentioned by Beyond Security Ltd. regarding fragmented e-mails. In order to resolve this problem, we have released a patch in order to address this particular concern for InterScan VirusWall for NT.

The said patch can be downloaded from the following FTP server: ftp://ftp-download.trendmicro.com.ph/Gateway/ISNT/3.52/

The said hotfix is named: Hotfix_build1494_v352_Smtp_case6593.zip

The hotfix mentioned above contains a Readme file which should include the necessary instructions on how to apply the patch.

Our other mail gateway product, InterScan MSS v5.01 is not affected by this vulnerability provided that you apply the latest hotfixes which can be downloaded from our website at: www.antivirus.com/download