MAILsweeper Archive File Filtering Bypass

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.


Synopsis :

The remote SMTP server has a security bypass vulnerability.

Description :

The remote host is running MAILsweeper, a content security solution
for SMTP.

According to its banner, the remote version of MAILsweeper may allow
an attacker to bypass the archive filtering settings of the remote
server by sending an archive in one of the following formats: 7ZIP,
ACE, ARC, BH, BZIP2, HAP, IMG, PAK, RAR or ZOO.

See also :

http://www.nessus.org/u?932e2128

Solution :

Upgrade to MAILsweeper 4.3.15 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 14360 (mailsweeper_archive_filtering.nasl)

Bugtraq ID: 10940

CVE ID: CVE-2003-0922, CVE-2003-0929, CVE-2003-0930
