FreeBSD : ripMIME -- decoding bug allowing content filter bypass (85e19dff-e606-11d8-9b0a-000347a4fa7d)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

ripMIME may prematurely terminate decoding of Base64-encoded messages
when it encounters multiple blank lines or other non-standard Base64
constructs. Virus scanning and content filtering tools that use
ripMIME may therefore be bypassed.

The ripMIME CHANGELOG file says :

There's viruses going around exploiting the ability to hide the
majority of their data in an attachment by using blank lines and other
tricks to make scanning systems prematurely terminate their base64
decoding.

See also :

http://www.pldaniels.com/ripmime/CHANGELOG
http://xforce.iss.net/xforce/xfdb/16867
http://www.nessus.org/u?86d7b18c

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 37039 (freebsd_pkg_85e19dffe60611d89b0a000347a4fa7d.nasl)

Bugtraq ID: 10848

CVE ID: CVE-2004-2619
