McAfee Email Gateway File Attachment Name NULL Character Handling Filter Bypass (SB10161)
Medium Nessus Plugin ID 91991
SynopsisAn email proxy server running on the remote host is affected by a filter bypass vulnerability.
DescriptionThe McAfee Email Gateway (MEG) application running on the remote host is affected by a flaw when processing email file attachments due to a failure to remove NULL characters from the raw header value before it is decoded. An unauthenticated, remote attacker can exploit this, via a crafted file attachment, to bypass file filters and send arbitrary files to the recipient.
SolutionApply the relevant hotfix referenced in the vendor advisory.