FKIE_CVE-2002-1121

Vulnerability from fkie_nvd - Published: 2002-09-24 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html
cve@mitre.orghttp://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.htmlVendor Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=103184267105132&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=103184501408453&w=2
cve@mitre.orghttp://www.iss.net/security_center/static/10088.phpVendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/836088US Government Resource
cve@mitre.orghttp://www.securiteam.com/securitynews/5YP0A0K8CM.html
cve@mitre.orghttp://www.securityfocus.com/bid/5696
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=103184267105132&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=103184501408453&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/10088.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/836088US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securiteam.com/securitynews/5YP0A0K8CM.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/5696
Impacted products
Vendor Product Version
gfi mailsecurity 7.2
network_associates webshield_smtp 4.0.5
network_associates webshield_smtp 4.5
network_associates webshield_smtp 4.5.44
network_associates webshield_smtp 4.5.74.0
roaring_penguin canit 1.2
roaring_penguin mimedefang 2.14
roaring_penguin mimedefang 2.20
trend_micro interscan_viruswall 3.5
trend_micro interscan_viruswall 3.51
trend_micro interscan_viruswall 3.52
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gfi:mailsecurity:7.2:*:exchange_smtp:*:*:*:*:*",
              "matchCriteriaId": "519EA0E1-6E7D-4EC5-88F2-54ACE06DDC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:network_associates:webshield_smtp:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "454C2126-A9DF-4550-B00C-56C20518B3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:network_associates:webshield_smtp:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "27DD72FC-3FEF-43BC-8A68-3299213151F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:network_associates:webshield_smtp:4.5.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F43933D-F354-44EF-9087-55BABC7413F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:network_associates:webshield_smtp:4.5.74.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0950198-02BB-4BB1-A120-A7925D4A991B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roaring_penguin:canit:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9DABC1-4A0A-403A-B200-FF5D45BC5617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roaring_penguin:mimedefang:2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E49F4116-2497-4AC4-ACE2-E77F3C1889EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roaring_penguin:mimedefang:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA989CD-020D-487B-9E83-2316185C6950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "09396CAF-01B2-4313-973C-F4A809D0E232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA017B0-A0D4-4B47-B980-57C6C103C7F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7A7881A-BC30-471E-8D8F-F764F26DF8F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 (\"Message Fragmentation and Reassembly\") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type."
    },
    {
      "lang": "es",
      "value": "motores de filtrado de contenido SMTP, incluyendo \r\nGFI MailSecurity para Exchange/SMTP anteriores a 7.2\r\nInterScan VirusWall anteriores a 3.52 compilaci\u00f3n 1494\r\nla configuraci\u00f3n por defecto de MIMEDefang anteriores a 2.21\r\ny posiblemente otros productos, no detectan correos electr\u00f3nicos fragmentados como se define en la RFC2046 (\"Fragmentaci\u00f3n y ensamblaje de Mensajes\"), y soportado en productos como Outlook Express, lo que permite a atacantes remotos evitar el filtrado de contenido, incluyendo la comprobaci\u00f3n de virus, mediante correos fragmentados con el tipo de contenido message/partial."
    }
  ],
  "id": "CVE-2002-1121",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-09-24T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=103184267105132\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=103184501408453\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10088.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/836088"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securiteam.com/securitynews/5YP0A0K8CM.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/5696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=103184267105132\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=103184501408453\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10088.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/836088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securiteam.com/securitynews/5YP0A0K8CM.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/5696"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.