Multiple Security Products MIME Encoding Content Filter Bypass Weakness

Bugtraq ID:	21461
Class:	Design Error
CVE:	CVE-2006-6406 CVE-2006-6405 CVE-2006-6407 CVE-2006-6408 CVE-2006-6409
Remote:	Yes
Local:	No
Published:	Dec 06 2006 12:00AM
Updated:	Jul 06 2016 02:40PM
Credit:	Hendrik Weimer is credited with the discovery of this vulnerability.
Vulnerable:	SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 10 SuSE Linux 9.3 S.u.S.E. Linux 10.1 S.u.S.E. Linux 10.0 Novell Open Enterprise Server (OES) 0 Novell Linux Desktop 9 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Kolab Kolab Groupware Server 2.0.4 Kolab Kolab Groupware Server 2.0.3 Kolab Kolab Groupware Server 2.0.2 Kolab Kolab Groupware Server 2.0.1 Kolab Kolab Groupware Server 1.0.8 Kolab Kolab Groupware Server 1.0.7 Kolab Kolab Groupware Server 1.0.6 Kolab Kolab Groupware Server 1.0.5 Kolab Kolab Groupware Server 1.0.3 Kolab Kolab Groupware Server 1.0.1 Kolab Kolab Groupware Server 1.0 -20040426 Kolab Kolab Groupware Server 1.0 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 Kolab Kolab Groupware Server 2.1beta2 Kolab Groupware Server 2.1.beta3 Kaspersky Anti-Virus 5.5.10 Frisk Software F-Prot Antivirus 4.6.6 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Clam Anti-Virus ClamAV 0.88.6 BitDefender Mail Protection for SMB 2.0
Not Vulnerable:

Multiple Security Products MIME Encoding Content Filter Bypass Weakness

Various security products are prone to a filter-bypass weakness. These products include:

- BitDefender Mail Protection for SMB 2.0
- ClamAV 0.88.6
- F-prot AntiVirum for Linux x86 Mail Servers 4.6.6
- Kaspersky Anti-Virus for Linux Mail Server 5.5.10

Other applications and versions may also be affected.

This issue occurs because the application fails to handle malformed input that may allow an attacker to bypass the file-filtering mechanism.

Multiple Security Products MIME Encoding Content Filter Bypass Weakness

Attackers can exploit this issue by constructing a file that contains a Base64-encoded file with invalid characters; this file is embedded in an email. An exploit is not required.

Multiple Security Products MIME Encoding Content Filter Bypass Weakness

Solution:
Please see the referenced advisories for more information.


Mandriva Linux Mandrake 2007.0

• Mandriva clamav-0.88.7-1.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-0.88.7-1.1mdv2007.0.src.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-db-0.88.7-1.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-milter-0.88.7-1.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva clamd-0.88.7-1.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva libclamav1-0.88.7-1.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva libclamav1-devel-0.88.7-1.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download

MandrakeSoft Corporate Server 4.0

• Mandriva clamav-0.88.7-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-0.88.7-0.1.20060mlcs4.src.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-db-0.88.7-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-milter-0.88.7-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva clamd-0.88.7-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libclamav1-0.88.7-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libclamav1-devel-0.88.7-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download

Mandriva Linux Mandrake 2007.0 x86_64

• Mandriva clamav-0.88.7-1.1mdv2007.0.src.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-0.88.7-1.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-db-0.88.7-1.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-milter-0.88.7-1.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamd-0.88.7-1.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64clamav1-0.88.7-1.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64clamav1-devel-0.88.7-1.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download

Mandriva Linux Mandrake 2006.0 x86_64

• Mandriva clamav-0.88.7-0.1.20060mdk.src.rpm
  Mandriva Linux 2006.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-0.88.7-0.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-db-0.88.7-0.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-milter-0.88.7-0.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamd-0.88.7-0.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64clamav1-0.88.7-0.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64clamav1-devel-0.88.7-0.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0/X86_64:
  http://www.mandriva.com/en/download

Mandriva Linux Mandrake 2006.0

• Mandriva clamav-0.88.7-0.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-0.88.7-0.1.20060mdk.src.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-db-0.88.7-0.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-milter-0.88.7-0.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva clamd-0.88.7-0.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva libclamav1-0.88.7-0.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva libclamav1-devel-0.88.7-0.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download

MandrakeSoft Corporate Server 3.0 x86_64

• Mandriva clamav-0.88.7-0.1.C30mdk.src.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-0.88.7-0.1.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-db-0.88.7-0.1.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-milter-0.88.7-0.1.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamd-0.88.7-0.1.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64clamav1-0.88.7-0.1.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64clamav1-devel-0.88.7-0.1.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download

MandrakeSoft Corporate Server 3.0

• Mandriva clamav-0.88.7-0.1.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-0.88.7-0.1.C30mdk.src.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-db-0.88.7-0.1.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva clamav-milter-0.88.7-0.1.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva clamd-0.88.7-0.1.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva libclamav1-0.88.7-0.1.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva libclamav1-devel-0.88.7-0.1.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download

MandrakeSoft Corporate Server 4.0 x86_64

• Mandriva clamav-0.88.7-0.1.20060mlcs4.src.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-0.88.7-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-db-0.88.7-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamav-milter-0.88.7-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva clamd-0.88.7-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva ib64clamav1-0.88.7-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64clamav1-devel-0.88.7-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download

Multiple Security Products MIME Encoding Content Filter Bypass Weakness

References:

• BitDefender Homepage (BitDefender)
  
• Bypassing Virus Scanners Using Mime Encoding Tricks (Quantenblog)
  
• ClamAV Homepage (ClamAV)
  
• F-Prot Home Page (F-PROT)
  
• Kaspersky Home Page (Kaspersky)
  
• Kolab Security Issue 14 20061219 (Kolab)
  
• Multiple Vendor Unusual MIME Encoding Content Filter Bypass (Hendrik Weimer)