SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (E-mail Server)  >   GMS Mail (NTMail) Vendors:   Gordano
Gordano GMS Mail (NTMail) 'JUCE' Mail Filter Fails to Properly Block Mail
SecurityTracker Alert ID:  1005650
SecurityTracker URL:  http://securitytracker.com/id/1005650
CVE Reference:   CVE-2002-2408   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Nov 18 2002
Impact:   Host/resource access via network
Exploit Included:  Yes  
Version(s): 8
Description:   A vulnerability was reported in the Gordano GMS Mail (NTmail) e-mail server software. The software may allow some e-mail to bypass the 'JUCE' SPAM filter.

It is reported that when the system processes inbound e-mail containing multiple recipients and is configured with the JUCE mail filter add-on to block certain keywords, the system will only block mail to the first reciepient. Other receipients will receive the mail.

The vendor has reportedly been notified.

Impact:   A remote user can send e-mail that will bypass the SPAM keyword filter.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.gordano.com/Technology/Mail.htm (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Windows (NT), Windows (2000), Windows (XP)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Issues Fix) Re: Gordano GMS Mail (NTMail) 'JUCE' Mail Filter Fails to Properly Block Mail
The vendor has issued a patch.



 Source Message Contents

Subject:  [Full-Disclosure] NTmail (GMS) 8 filtering bug


The following exploit was discovered simultaneously by a number of NTmail
users, I'm just one of them. In NTmail version 8 there is a mail filtering
addon called JUCE which allows filtering of email by using a reserved
words/phrases type filter.

Many NTmail admins use this feature to filter email virus and trojans due to
the excessive cost of the NTmail anti-virus addon. In some cases we filter
based on code techniques that are common to email virus in order to possibly
stop future virus and virus mutations that have not yet surfaced. Some even
use this feature in addition to the standard anti-virus dll because of this
capability. It's also one of the best spam filters available for NTmail.

In version 8 this filter is broken. It works as advertised to stop an email
addressed to a single recipient however if the email is addressed to
multiple recipients then only the first one is blocked and the email is
delivered to all the remaining addresses.

Gordano, the software vendor has been contacted by multiple customers about
this problem. They have blocked any mention of it on their support email
list and when we contacted Tom Breingan, Gordano Sales Manager, he did his
best to avoid addressing the issue at all.

We believe it is important that the entire NTmail community be made aware of
this issue because their use of this feature to filter virus/trojans puts
them all at risk.

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC