Feeds

Beware of malformed MIME artists

Content checking bypass ploy

  • alert
  • submit to reddit

Boost IT visibility and business value

The UK's top UK security co-ordination agency today warned of a series of vulnerabilities involving implementations of the Multipurpose Internet Mail Extensions (MIME) protocol within email and web security products. In a series of eight technical advisories the UK's National Infrastructure Security Co-ordination Centre (NISCC) explains how malformed MIME constructs might be exploited to allow attackers to bypass content checking and antivirus tools. MIME is a standard method for encoding email attachments so the extent of the problem highlights a gaping security hole that might be used by virus writers to smuggle hostile code past security defences.

The issue was uncovered in tests by a UK-based security firm Corsaire. Corsaire developed a test suite for content checking systems on behalf of a client in the insurance industry last year. Tests at the client revealed a number of security problems. These findings prompted further research on the 10 most common content checking and AV gateway products that unearthed a large number of varied security loopholes.

Many different viruses use malformed MIME content - such as SirCam, Nimda, NetSky and BadTrans - so the vulnerability of many common AV products came as an unpleasant surprise to Corsaire. "We were surprised to find so many and taken back to find manufacturers were not running the same tests as us. Many of the tests were quite elementary," said Martin O’Neal, technical director at Corsaire. Corsaire said it found between 30 to 130 vulnerabilities in each product. NISCC grouped these vulnerabilities together under eight categories for the sake of simplicity.

Corsaire worked throughout the last year in partnership with the UK NISCC team to ensure that the affected vendors have had access to the relevant information and tools to reproduce and correct the issues. A security alert issued by NISCC through the UNIRAS reporting scheme explains the security exposure of various vendors to the issue.

According to Corsaire many of the security vendors have already silently released patched versions of their software over the last 12 months. Others are promising to address the issue in the next version of affected products (e.g. F-Secure promise to fix a limited vulnerability to its Secure Internet Gatekeeper software with release 6.41, scheduled for beginning of Q4 04). Apple, HP, MessageLabs and Mozilla state that their respective products are safe from exploitation. Other vendors are yet to make a public pronouncement on the issue. Corsaire advises anyone who is in doubt as to the status of the products used within their environment to contact their vendors. ®

Related stories

UK.gov deploys IT early warning system
Brits pound OpenSSL bugs
The trouble with anti-virus
NetSky tops virus charts by a country mile
BadTrans virus bites Windows users hard

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?