[security-alerts] FW: [SA20756] MAILsweeper for SMTP/Exchange Multiple Vulnerabilities

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> TITLE:
> MAILsweeper for SMTP/Exchange Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA20756
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/20756/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> Security Bypass, DoS
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> CS MAILsweeper 4.x for Exchange 2000
> http://secunia.com/product/205/
> CS MAILsweeper 4.x for SMTP
> http://secunia.com/product/202/
> 
> DESCRIPTION:
> Some vulnerabilities have been reported in MAILsweeper for
> SMTP/Exchange, which can be exploited by malicious people to bypass
> certain security restrictions and potentially cause a DoS (Denial of
> Service).
> 
> 1) An error exists within the handling of messages that specify a
> non-existent character set. This can be exploited to bypass text
> analysis.
> 
> 2) An error exists within the handling of reverse DNS lookups when
> the "Received" header in a message includes non-ASCII characters. 
> This can be exploited to cause the Receiver service to stop
> processing messages.
> 
> 3) An error exists within the handling of certain malformed messages.
> This can be exploited to cause the Security service to stop processing
> messages.
> 
> The vulnerabilities have been reported in the following products:
> * MAILsweeper for SMTP version 4.3.19
> * MIMEsweeper for Exchange version 4.3.19
> 
> Prior versions may also be affected.
> 
> SOLUTION:
> Update to version 4.3.20 (requires 4.3.19).
> 
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
> 
> ORIGINAL ADVISORY:
> http://download.mimesweeper.com/www/TechnicalDocumentation/Rea
> dMe_MSW_4,3,20.htm
>