CVE-2004-1098

Current Description

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

Basic Data

Published: January 10, 2005
Last Modified: July 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
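    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Roaring Penguin | Mimedefang | 2.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 2.14 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 2.20 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 2.21 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 2.38 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 2.39 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 2.41 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 2.42 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 2.43 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 2.44 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 2.45 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 4.46 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Roaring Penguin | Mimedefang | 4.47 | * | * | * | * | * | * | * | | | |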
  • OR - Configuration 2
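    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Mandrakesoft | Mandrake Linux | 9.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 9.2 | * | amd64 | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.0 | * | amd64 | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.1 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 2.1 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 8.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 8.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 8.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.0 | * | x86_64 | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Suse | Suse Linux | 9.2 | * | * | * | * | * | * | * | | | |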

Vulnerable Software List

Vendor | Product | Versions
Mandrakesoft | Mandrake Linux | 10.0, 10.1, 9.2
Mandrakesoft | Mandrake Linux Corporate Server | 2.1
Roaring Penguin | Mimedefang | 2.14, 2.20, 2.21, 2.38, 2.39, 2.4, 2.41, 2.42, 2.43, 2.44, 2.45, 4.46, 4.47
Suse | Suse Linux | 8.0, 8.1, 8.2, 9.0, 9.1, 9.2

References

Name | Source | URL | Tags
20041026 [Mimedefang] SECURITY: Patch for MIME-tools | MLIST | http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html |
GLSA-200411-06 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml | Patch, Vendor Advisory
MDKSA-2004:123 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2004:123 |
11563 | BID | http://www.securityfocus.com/bid/11563 | Patch, Vendor Advisory
mimetools-boundary-virus-bypass(17940) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/17940 |