Content

Updated: Hundreds of products fall through MIME security flaw

Serious security flaws that potentially affect hundreds of email gateway products have been discovered in the widely deployed MIME (Multi-Purpose Internet Mail Extensions) protocol.

The vulnerabilities in the MIME extension to the ubiquitous Simple Mail Transport Protocol (SMTP) were uncovered by experts from information security firm Corsaire, which warned of 190 discrete attack vectors.

Due to the scale and seriousness of this issue - and the requirement for coordination of vendors with compromised products - Corsaire passed its findings to the UK National Infrastructure Co-ordination Centre (NISCC) team, which released full details to the public on Monday September 13.

The MIME vulnerabilities were discovered during a recent Corsaire project to assess the suitability of the email systems used by a large insurance company. The scope of the project was to identify any weaknesses in the organisation's controls for limiting the types of data sent via email and identifying malicious content, such as viruses.

NISCC's Vulnerability Advisory 380375/MIME notes there are several types of software products that are potentially affected by the vulnerabilities. These include web browsers, anti-virus products, mail content checkers and web content checkers that need to be able to parse MIME.

The flaw occurs if a content checker parses a MIME message incorrectly. If content is allowed to pass through the checker based on an incorrect assessment of its MIME type the content checker's security can be totally bypassed, Corsaire's testing found.

"If this happened or a content checker was not used, the receiving client could crash or execute arbitrary code if it also parsed the MIME incorrectly," the NISCC advisory stated.

The MIME flaws came to light when the Corsaire tools were applied to a variety of mail gateway products. The end result was the discovery of 14 fundamental MIME implementation issues, with 190 discrete attack vectors, Corsaire warned.

"In specific terms, these were used to identify over 1000 individual vulnerabilities in only ten common MIME gateway products. At the last count Corsaire was aware of around 90 separate vendors producing MIME products that will also likely be affected," Corsaire said in a prepared statement.

https://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-3304.txt
https://www.niscc.gov.uk
https://www.corsaire.com

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.