GLSA
Bodhisattva
Joined: 25 Feb 2003
Posts: 3829
Location: Essen, Germany
|
 Posted: Tue Nov 02, 2004 6:38 pm Post subject: [ GLSA 200411-06 ] MIME-tools: Virus detection evasion |
 |
|
Gentoo Linux Security Advisory
Title: MIME-tools: Virus detection evasion (GLSA 200411-06)
Severity: low
Exploitable: remote
Date: November 02, 2004
Updated: May 22, 2006
Bug(s): #69181
ID: 200411-06
Synopsis
MIME-tools doesn't handle empty MIME boundaries correctly. This may prevent
some virus-scanning programs which use MIME-tools from detecting certain
viruses.
Background
MIME-tools is a Perl module containing functions to handle MIME
attachments.
Affected Packages
Package: dev-perl/MIME-tools
Vulnerable: < 5.415
Unaffected: >= 5.415
Architectures: All supported architectures
Description
MIME-tools doesn't correctly parse attachment boundaries with an empty
name (boundary="").
Impact
An attacker could send a carefully crafted email and evade detection on
some email virus-scanning programs using MIME-tools for attachment
decoding.
Workaround
There is no known workaround at this time.
Resolution
All MIME-tools users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/MIME-tools-5.415" |
References
MIMEDefang announcement
CVE-2004-1098
Last edited by GLSA on Fri Jul 25, 2014 4:17 am; edited 6 times in total |
|
News & Announcements
