Thread-topic: [SA20756] MAILsweeper for SMTP/Exchange Multiple Vulnerabilities
>
> TITLE:
> MAILsweeper for SMTP/Exchange Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA20756
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/20756/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Security Bypass, DoS
>
> WHERE:
> From remote
>
> SOFTWARE:
> CS MAILsweeper 4.x for Exchange 2000
> http://secunia.com/product/205/
> CS MAILsweeper 4.x for SMTP
> http://secunia.com/product/202/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in MAILsweeper for
> SMTP/Exchange, which can be exploited by malicious people to bypass
> certain security restrictions and potentially cause a DoS (Denial of
> Service).
>
> 1) An error exists within the handling of messages that specify a
> non-existent character set. This can be exploited to bypass text
> analysis.
>
> 2) An error exists within the handling of reverse DNS lookups when
> the "Received" header in a message includes non-ASCII characters.
> This can be exploited to cause the Receiver service to stop
> processing messages.
>
> 3) An error exists within the handling of certain malformed messages.
> This can be exploited to cause the Security service to stop processing
> messages.
>
> The vulnerabilities have been reported in the following products:
> * MAILsweeper for SMTP version 4.3.19
> * MIMEsweeper for Exchange version 4.3.19
>
> Prior versions may also be affected.
>
> SOLUTION:
> Update to version 4.3.20 (requires 4.3.19).
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
>
> ORIGINAL ADVISORY:
> http://download.mimesweeper.com/www/TechnicalDocumentation/Rea
> dMe_MSW_4,3,20.htm
>