Vulnerabilities > CVE-2003-0929 - Unspecified vulnerability in Clearswift Mailsweeper

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
clearswift
nessus

Summary

Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy.

Vulnerable Configurations

Part Description Count
Application
Clearswift
1

Nessus

NASL familyMisc.
NASL idMAILSWEEPER_ARCHIVE_FILTERING.NASL
descriptionThe remote host is running MAILsweeper - a content security solution for SMTP. According to its banner, the remote version of MAILsweeper may allow an attacker to bypass the archive filtering settings of the remote server by sending an archive in the format 7ZIP, ACE, ARC, BH, BZIP2, HAP, IMG, PAK, RAR or ZOO.
last seen2020-06-01
modified2020-06-02
plugin id14360
published2004-08-23
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14360
titleMAILsweeper Archive File Filtering Bypass
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if(description)
{
 script_id(14360);
 script_cve_id("CVE-2003-0922", "CVE-2003-0929", "CVE-2003-0930");
 script_bugtraq_id(10940);
 script_xref(name:"Secunia", value:"12301");
 script_version ("1.12");

 script_name(english:"MAILsweeper Archive File Filtering Bypass");
 script_summary(english:"Checks the remote banner");
 
 script_set_attribute(
   attribute:"synopsis",
   value:"The remote SMTP server has a security bypass vulnerability."
 );
 script_set_attribute( attribute:"description",    value:
"The remote host is running MAILsweeper - a content security solution
for SMTP.

According to its banner, the remote version of MAILsweeper may allow
an attacker to bypass the archive filtering settings of the remote
server by sending an archive in the format 7ZIP, ACE, ARC, BH, BZIP2,
HAP, IMG, PAK, RAR or ZOO." );
 # https://web.archive.org/web/20040818012256/http://www.corsaire.com/advisories/c030807-001.txt
 script_set_attribute(
   attribute:"see_also",
   value:"http://www.nessus.org/u?932e2128"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Upgrade to MAILsweeper 4.3.15 or later."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/23");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/13");
 script_cvs_date("Date: 2018/07/14  1:59:37");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"Misc.");
 
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 
 script_dependencie("sendmail_expn.nasl", "smtpserver_detect.nasl");
 script_require_ports("Services/smtp", 25);
 exit(0);
}


include("misc_func.inc");
include("smtp_func.inc");

port = get_service(svc:"smtp", default: 25, exit_on_fail: 1);
if (get_kb_item('SMTP/'+port+'/broken')) exit(0);

banner = get_smtp_banner(port:port);
if ( ! banner ) exit(0);
if(egrep(string:banner, pattern:"^220 .* MAILsweeper ESMTP Receiver Version ([0-3]\.|4\.([0-2]\.|3\.([0-9]|1[0-4])[^0-9])).*$")) security_hole(port);