FreeBSD : ripMIME -- decoding bug allowing content filter bypass (85e19dff-e606-11d8-9b0a-000347a4fa7d)

High Nessus Plugin ID 37039


The remote FreeBSD host is missing a security-related update.


ripMIME may prematurely terminate decoding Base64 encoded messages when it encounters multiple blank lines or other non-standard Base64 constructs. Virus scanning and content filtering tools that use ripMIME may therefore be bypassed.

The ripMIME CHANGELOG file says :

There's viruses going around exploiting the ability to hide the majority of their data in an attachment by using blank lines and other tricks to make scanning systems prematurely terminate their base64 decoding.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 37039

File Name: freebsd_pkg_85e19dffe60611d89b0a000347a4fa7d.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2009/04/23

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ripmime, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2004/08/27

Vulnerability Publication Date: 2004/07/30

Reference Information

CVE: CVE-2004-2619

BID: 10848

OSVDB: 8287

Secunia: 12201