Beware of malformed MIME artists

Content checking bypass ploy

The UK's top security co-ordination agency today warned of a series of vulnerabilities involving implementations of the Multipurpose Internet Mail Extensions (MIME) standard within email and web security products. In a series of eight technical advisories the UK's National Infrastructure Security Co-ordination Centre (NISCC) explains how malformed MIME constructs might be exploited to allow attackers to bypass content checking and antivirus tools. MIME is the standard method for encoding email attachments, so the extent of the problem highlights a gaping security hole that virus writers might use to smuggle hostile code past security defences.
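The exposure described above, as an added example that is not code from the article, NISCC or Corsaire: a content checker should not pass a message through on the strength of a scan of whatever parts its own parser managed to recognise. Python's standard `email` parser records every structural problem it had to paper over (a declared boundary that never appears, a closing boundary that is missing) as a "defect" on the parsed message, and a gateway can use that list as a quarantine signal. The three sample messages and the quarantine rule are constructed for this example; the assumed policy is "if the parser had to guess, do not deliver".

```python
"""Flag MIME messages whose structure a strict parser cannot fully account for.

Added example, not code from the article, NISCC or Corsaire. The rule applied
here is an assumption: a message the parser could not parse cleanly is treated
as suspicious rather than scanned-and-delivered.
"""
import email
from email import policy

# Constructed sample: a well-formed two-part message.
GOOD_MESSAGE = b"""From: a@example.test
To: b@example.test
Subject: report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Hello
--XYZ
Content-Type: application/octet-stream; name="report.bin"
Content-Transfer-Encoding: base64

SGVsbG8=
--XYZ--
"""

# Constructed sample: the same message with the closing boundary line removed,
# so the attachment part never properly ends.
TRUNCATED_MESSAGE = GOOD_MESSAGE.replace(b"--XYZ--\n", b"")

# Constructed sample: the boundary declared in the header never appears in the
# body, so a parser that trusts the header sees no parts at all.
NO_BOUNDARY_MESSAGE = GOOD_MESSAGE.replace(b"--XYZ", b"--OTHER")


def structural_defects(raw: bytes) -> list:
    """Parse `raw` and return the class names of every structural defect the
    parser recorded, collected from the root message and all nested parts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    names = []
    for part in msg.walk():
        names.extend(type(defect).__name__ for defect in part.defects)
    return names


def gateway_verdict(raw: bytes) -> str:
    """Decide what a content-checking gateway should do with a message.

    Assumed defensive rule: any structural defect means the scanner's view of
    the message may differ from a mail client's, so quarantine for inspection
    instead of delivering on the basis of a partial scan.
    """
    defects = structural_defects(raw)
    if defects:
        return "quarantine: " + ", ".join(sorted(set(defects)))
    return "scan-and-deliver"


if __name__ == "__main__":
    samples = [
        ("well-formed", GOOD_MESSAGE),
        ("closing boundary missing", TRUNCATED_MESSAGE),
        ("declared boundary never appears", NO_BOUNDARY_MESSAGE),
    ]
    for label, raw in samples:
        print(f"{label:32} -> {gateway_verdict(raw)}")
```

The point of the rule is the mismatch the article describes: a lenient mail client may still render an attachment from a message that a gateway's parser gave up on, so "parsed with defects" has to count as "not fully scanned" rather than "nothing found".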

The issue was uncovered in tests by UK-based security firm Corsaire. Corsaire developed a test suite for content checking systems on behalf of a client in the insurance industry last year. Tests at the client revealed a number of security problems. These findings prompted further research on the 10 most common content checking and AV gateway products, which unearthed a large number of varied security loopholes.

Many different viruses - such as SirCam, Nimda, NetSky and BadTrans - use malformed MIME content, so the vulnerability of many common AV products came as an unpleasant surprise to Corsaire. "We were surprised to find so many and taken aback to find manufacturers were not running the same tests as us. Many of the tests were quite elementary," said Martin O'Neal, technical director at Corsaire. Corsaire said it found between 30 and 130 vulnerabilities in each product. NISCC grouped these vulnerabilities into eight categories for the sake of simplicity.

Corsaire worked throughout the last year in partnership with the UK NISCC team to ensure that the affected vendors have had access to the relevant information and tools to reproduce and correct the issues. A security alert issued by NISCC through the UNIRAS reporting scheme explains the security exposure of various vendors to the issue.

According to Corsaire, many of the security vendors have already silently released patched versions of their software over the last 12 months. Others are promising to address the issue in the next version of the affected products (e.g. F-Secure promises to fix a limited vulnerability in its Secure Internet Gatekeeper software with release 6.41, scheduled for the beginning of Q4 04). Apple, HP, MessageLabs and Mozilla state that their respective products are safe from exploitation. Other vendors have yet to make a public pronouncement on the issue. Corsaire advises anyone in doubt about the status of the products used in their environment to contact their vendors. ®