CVE-2002-1121

SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html	Vendor Advisory
http://www.iss.net/security_center/static/10088.php	Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html
http://www.securiteam.com/securitynews/5YP0A0K8CM.html
http://www.kb.cert.org/vuls/id/836088	US Government Resource
http://www.securityfocus.com/bid/5696
http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html
http://marc.info/?l=bugtraq&m=103184267105132&w=2
http://marc.info/?l=bugtraq&m=103184501408453&w=2

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:roaring_penguin:mimedefang:2.14:::::::*
	cpe:2.3:a:roaring_penguin:mimedefang:2.20:::::::*
	cpe:2.3:a:network_associates:webshield_smtp:4.5:::::::*
	cpe:2.3:a:network_associates:webshield_smtp:4.5.44:::::::*
	cpe:2.3:a:trend_micro:interscan_viruswall:3.52:::::::*
	cpe:2.3:a:gfi:mailsecurity:7.2::exchange_smtp:::::
	cpe:2.3:a:network_associates:webshield_smtp:4.0.5:::::::*
	cpe:2.3:a:trend_micro:interscan_viruswall:3.5:::::::*
	cpe:2.3:a:trend_micro:interscan_viruswall:3.51:::::::*
	cpe:2.3:a:network_associates:webshield_smtp:4.5.74.0:::::::*
	cpe:2.3:a:roaring_penguin:canit:1.2:::::::*

Information

Published : 2002-09-23 21:00

Updated : 2016-10-17 19:23

NVD link : CVE-2002-1121

Mitre link : CVE-2002-1121

JSON object : View

CWE

NVD-CWE-Other

Products Affected

roaring_penguin

mimedefang
canit

gfi

mailsecurity

trend_micro

interscan_viruswall

network_associates

webshield_smtp

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html", "name": "20020912 Bypassing SMTP Content Protection with a Flick of a Button", "tags": ["Vendor Advisory"], "refsource": "VULNWATCH"}, {"url": "http://www.iss.net/security_center/static/10088.php", "name": "smtp-content-filtering-bypass(10088)", "tags": ["Vendor Advisory"], "refsource": "XF"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html", "name": "20020912 FW: Bypassing SMTP Content Protection with a Flick of a Button", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securiteam.com/securitynews/5YP0A0K8CM.html", "name": "http://www.securiteam.com/securitynews/5YP0A0K8CM.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/836088", "name": "VU#836088", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/5696", "name": "5696", "tags": [], "refsource": "BID"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html", "name": "20020912 Roaring Penguin fixes for \"Bypassing SMTP Content Protection with a Flick of a Button\"", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=103184267105132&w=2", "name": "20020912 Bypassing SMTP Content Protection with a Flick of a Button", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=103184501408453&w=2", "name": "20020912 MIMEDefang update (was Re: Bypassing SMTP Content Protection )", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 (\"Message Fragmentation and Reassembly\") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-1121", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2002-09-24T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:roaring_penguin:mimedefang:2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roaring_penguin:mimedefang:2.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:network_associates:webshield_smtp:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:network_associates:webshield_smtp:4.5.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:trend_micro:interscan_viruswall:3.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gfi:mailsecurity:7.2:*:exchange_smtp:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:network_associates:webshield_smtp:4.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:trend_micro:interscan_viruswall:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:trend_micro:interscan_viruswall:3.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:network_associates:webshield_smtp:4.5.74.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roaring_penguin:canit:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-10-18T02:23Z"}

7.5 /10