Signature Detail

SMTP: MIME Tools Virus Evasion Detection

This signature detects attempts to evade antivirus tools such as MIME Tools, a Linux-based email MIME scanner. The MIME RFC allows for an empty boundary, but most all mail clients use one, while many viruses will not.

Extended Description

MIMEDefang is reported prone to multiple remote vulnerabilities. The cause and impact of these issues is currently unknown. It is conjectured that these issues are caused by insufficient sanitization of user-supplied data and may exist in 'mimedefang.pl.in' and 'mimedefang.c' files. MIMEDefang 2.47 and prior versions are affected by these vulnerabilities. This BID will be updated as more information becomes available.

Affected Products

• Mandriva Corporate Server 2.1.0
• Mandriva Corporate Server 2.1.0 X86 64
• Mandriva Linux Mandrake 10.0.0
• Mandriva Linux Mandrake 10.0.0 amd64
• Mandriva Linux Mandrake 10.1.0
• Mandriva Linux Mandrake 10.1.0 X86 64
• Mandriva Linux Mandrake 9.2.0
• Mandriva Linux Mandrake 9.2.0 amd64
• Roaring Penguin Software MIMEDefang 2.14.0
• Roaring Penguin Software MIMEDefang 2.20.0
• Roaring Penguin Software MIMEDefang 2.21.0
• Roaring Penguin Software MIMEDefang 2.38.0
• Roaring Penguin Software MIMEDefang 2.39.0
• Roaring Penguin Software MIMEDefang 2.4.0
• Roaring Penguin Software MIMEDefang 2.41.0
• Roaring Penguin Software MIMEDefang 2.42.0
• Roaring Penguin Software MIMEDefang 2.43.0
• Roaring Penguin Software MIMEDefang 2.44.0
• Roaring Penguin Software MIMEDefang 2.45.0
• Roaring Penguin Software MIMEDefang 4.46.0
• Roaring Penguin Software MIMEDefang 4.47.0
• SuSE Linux 8.0.0
• SuSE Linux 8.1.0
• SuSE Linux 9
• SuSE Linux 9.1
• SuSE Linux 9.2
• SuSE Linux Personal 8.2.0
• SuSE Linux Personal 9.0.0
• SuSE Linux Personal 9.0.0 X86 64
• SuSE Linux Personal 9.1.0
• SuSE Linux Personal 9.2.0

References

• BugTraq: 11563
• CVE: CVE-2004-1098
• URL: http://www.mandriva.com/security/advisories?name=MDKSA-2004:123