MailScanner SMTP ETRN Scanning Bypass Vulnerability

Published: 2003-01-02
Updated: 2003-01-07

Affected systems:
MailScanner MailScanner 4.05-3
MailScanner MailScanner 4.05-2
MailScanner MailScanner 4.05-1
MailScanner MailScanner 4.04-1
MailScanner MailScanner 4.03-1
MailScanner MailScanner 4.02-3
MailScanner MailScanner 4.02-2
MailScanner MailScanner 4.02-1
MailScanner MailScanner 3.26-2
MailScanner MailScanner 3.26-1
MailScanner MailScanner 3.25-1
MailScanner MailScanner 3.24-1
MailScanner MailScanner 3.23-5
MailScanner MailScanner 3.23-4
MailScanner MailScanner 3.23-3
MailScanner MailScanner 3.23-2
MailScanner MailScanner 3.23-1
Unaffected systems:
MailScanner MailScanner 4.11-1
MailScanner MailScanner 3.27-1
Description:
BUGTRAQ ID: 6504

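MailScanner is an e-mail security solution for mail gateways, providing virus protection, protection against malicious e-mail attacks, and spam prevention.

MailScanner has a flaw in how it handles mail on heavily loaded mail servers; a remote attacker can exploit it to bypass mail scanning and deliver malicious e-mail to target users.

When the mail server is running under heavy load and the SMTP ETRN command is permitted, MailScanner may fail to process incoming messages, so malicious mail bypasses protection and is delivered directly to the target user.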

<*Source: Product changelog
  
  Link: http://online.securityfocus.com/bid/6504
*>

Recommendations:
Workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measure to reduce exposure:

* In the MailScanner init script, edit the 'sendmail -bd ...' command to include the '-OPrivacyOptions=noetrn' option, which disables the SMTP ETRN command.
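
An added example, not part of the original advisory or MailScanner's own code: a shell check that every 'sendmail -bd' line in an init script carries the noetrn setting from the workaround above. The function names, return codes and sample script fragments are constructed for illustration, and it inspects only the command line, so any PrivacyOptions setting in sendmail.cf is outside its scope.

```shell
#!/bin/sh
# Added example (not MailScanner's own code): report 'sendmail -bd' lines in
# an init script that lack -OPrivacyOptions=noetrn.
# Returns 0 = all daemon lines disable ETRN, 1 = at least one does not,
# 2 = file unreadable or no 'sendmail -bd' line found.
audit_etrn() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v f="$1" '
        /^[ \t]*#/ { next }                          # ignore comment lines
        {
            # lower-case copy so "$SENDMAIL -bd" style lines are caught too
            if (tolower($0) !~ /sendmail[^;|&]*[ \t]-bd([ \t]|$)/) next
            seen++
            # accept -OPrivacyOptions=a,b,noetrn and -O PrivacyOptions=...
            if ($0 ~ /-O[ \t]*PrivacyOptions=([A-Za-z]+,)*noetrn([, \t"]|$)/) next
            bad++
            printf "%s:%d: %s\n", f, NR, $0
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample init-script fragments (not taken from any real package).
write_samples() {
    cat > "$1/vulnerable" <<'EOF'
#!/bin/sh
# start the incoming SMTP listener
/usr/sbin/sendmail -bd -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in
/usr/sbin/sendmail -q15m
EOF
    cat > "$1/hardened" <<'EOF'
#!/bin/sh
$SENDMAIL -bd -OPrivacyOptions=authwarnings,noetrn -ODeliveryMode=queueonly
/usr/sbin/sendmail -q15m
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for s in vulnerable hardened; do
    rc=0; audit_etrn "$tmp/$s" || rc=$?
    echo "$s: exit status $rc"
done
rm -rf "$tmp"
```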

Vendor patch:

MailScanner
-----------
The vendor has released upgrades that fix this security issue; download them from the vendor's home page:

MailScanner MailScanner 3.26-2:

MailScanner Upgrade MailScanner 3.27-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 3.26-1:

MailScanner Upgrade MailScanner 3.27-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 3.25-1:

MailScanner Upgrade MailScanner 3.27-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 3.24-1:

MailScanner Upgrade MailScanner 3.27-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 3.23-5:

MailScanner Upgrade MailScanner 3.27-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 3.23-4:

MailScanner Upgrade MailScanner 3.27-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 3.23-3:

MailScanner Upgrade MailScanner 3.27-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 3.23-2:

MailScanner Upgrade MailScanner 3.27-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 3.23-1:

MailScanner Upgrade MailScanner 3.27-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 4.05-3:

MailScanner Upgrade MailScanner 4.11-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 4.05-2:

MailScanner Upgrade MailScanner 4.11-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 4.05-1:

MailScanner Upgrade MailScanner 4.11-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 4.04-1:

MailScanner Upgrade MailScanner 4.11-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 4.03-1:

MailScanner Upgrade MailScanner 4.11-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 4.02-3:

MailScanner Upgrade MailScanner 4.11-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 4.02-2:

MailScanner Upgrade MailScanner 4.11-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

MailScanner MailScanner 4.02-1:

MailScanner Upgrade MailScanner 4.11-1
http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

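This security advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.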