Beware of malformed MIME artists

Content checking bypass ploy

The UK's top security co-ordination agency today warned of a series of vulnerabilities involving implementations of the Multipurpose Internet Mail Extensions (MIME) protocol within email and web security products. In a series of eight technical advisories the UK's National Infrastructure Security Co-ordination Centre (NISCC) explains how malformed MIME constructs might be exploited to allow attackers to bypass content checking and antivirus tools. MIME is the standard method for encoding email attachments, so the extent of the problem points to a gaping security hole that might be used by virus writers to smuggle hostile code past security defences.
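As an added example (not code from the article, NISCC or Corsaire), this is the kind of strict-conformance check a content-checking gateway can run before trusting whatever interpretation its own parser happened to choose: two constructed messages, one whose declared boundary never appears in the body and one whose single attachment carries two different file names, are passed through a function that reports the structural defects the Python standard library parser records and any naming conflict between parts. The sender address, file names and body text are all made up for the example.

```python
import email
from email import policy

# Constructed sample 1: the header declares boundary "outer", but the body
# uses another one; a lenient scanner may see no attachment at all.
BOUNDARY_MISMATCH = b"""\
From: sender@example.invalid
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--other
Content-Type: text/plain

constructed body
--other--
"""

# Constructed sample 2: structurally valid, but one part carries two
# different names, so a scanner and a mail client may disagree on file type.
NAME_CONFLICT = b"""\
From: sender@example.invalid
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: application/octet-stream; name="notes.txt"
Content-Disposition: attachment; filename="notes.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQgc2FtcGxl
--outer--
"""


def mime_findings(raw: bytes) -> list[str]:
    """Return policy findings for one raw message; [] means it parsed cleanly."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        # The stdlib parser records structural problems instead of raising;
        # a strict gateway treats any of them as grounds for quarantine.
        findings += [f"defect: {type(d).__name__}" for d in part.defects]
        name = part.get_param("name")
        filename = part.get_param("filename", header="content-disposition")
        if name and filename and name != filename:
            findings.append(f"name conflict: {name!r} vs {filename!r}")
    return findings
```

A gateway that quarantines on any non-empty result refuses to guess at ambiguous structure, which is the property the advisories say many products lacked.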

The issue was uncovered in tests by UK-based security firm Corsaire. Corsaire developed a test suite for content checking systems on behalf of a client in the insurance industry last year. Tests at the client revealed a number of security problems. These findings prompted further research on the 10 most common content checking and AV gateway products, which unearthed a large number of varied security loopholes.

Many different viruses use malformed MIME content - such as SirCam, Nimda, NetSky and BadTrans - so the vulnerability of many common AV products came as an unpleasant surprise to Corsaire. "We were surprised to find so many and taken aback to find manufacturers were not running the same tests as us. Many of the tests were quite elementary," said Martin O'Neal, technical director at Corsaire. Corsaire said it found between 30 and 130 vulnerabilities in each product. NISCC grouped these vulnerabilities together under eight categories for the sake of simplicity.

Corsaire worked throughout the last year in partnership with the UK NISCC team to ensure that the affected vendors have had access to the relevant information and tools to reproduce and correct the issues. A security alert issued by NISCC through the UNIRAS reporting scheme explains the security exposure of various vendors to the issue.

According to Corsaire, many of the security vendors have already silently released patched versions of their software over the last 12 months. Others are promising to address the issue in the next version of affected products (e.g. F-Secure promises to fix a limited vulnerability in its Secure Internet Gatekeeper software with release 6.41, scheduled for the beginning of Q4 04). Apple, HP, MessageLabs and Mozilla state that their respective products are safe from exploitation. Other vendors are yet to make a public pronouncement on the issue. Corsaire advises anyone who is in doubt as to the status of the products used within their environment to contact their vendors. ®