McAfee Email Gateway - Application Protections Bypass
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
McAfee Email Gateway (MEG) is vulnerable to file attachments containing the null character. The scanning mechanism fails to identify the file name properly.
Insight
The fix changes the file name processing functionality to remove NULL characters from the raw header value before it is decoded. This addresses the vulnerability; however, there is still an exploitable situation because certain mail clients, such as Microsoft Outlook, use a '.' in place of the NULL. Hence, a file name of 'test<NUL>vbs', which the gateway will now treat as 'testvbs', may be treated as 'test.vbs' by the mail client. In such situations, you need to change your File Filter rule from '*.vbs' to just '*vbs' to protect against the exploit.
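The rule change described above can be checked offline. The following is an added example, not code from the advisory or from McAfee; the function names are hypothetical, the sample file name is constructed, and it assumes File Filter rules behave like case-insensitive shell globs.

```python
from fnmatch import fnmatchcase

NUL = "\x00"


def gateway_view(raw_name: str) -> str:
    """File name as the patched gateway scans it: NUL characters removed."""
    return raw_name.replace(NUL, "")


def client_view(raw_name: str) -> str:
    """File name as a mail client that substitutes '.' for NUL presents it."""
    return raw_name.replace(NUL, ".")


def rule_matches(rule: str, name: str) -> bool:
    # Assumption: rules are case-insensitive shell-style globs.
    return fnmatchcase(name.lower(), rule.lower())


def audit_rules(rules, raw_name):
    """For each rule, report whether it matches the gateway and client views."""
    gw, cl = gateway_view(raw_name), client_view(raw_name)
    return [
        {
            "rule": rule,
            "matches_gateway_view": rule_matches(rule, gw),
            "matches_client_view": rule_matches(rule, cl),
        }
        for rule in rules
    ]


def coverage_gaps(rules, raw_name):
    """Rules that match what the client shows but miss what the gateway scans."""
    return [
        r["rule"]
        for r in audit_rules(rules, raw_name)
        if r["matches_client_view"] and not r["matches_gateway_view"]
    ]


if __name__ == "__main__":
    sample = "test" + NUL + "vbs"  # constructed sample attachment name
    for row in audit_rules(["*.vbs", "*vbs"], sample):
        print(row)
    print("rules with a gap:", coverage_gaps(["*.vbs", "*vbs"], sample))
```

Any rule reported by `coverage_gaps` is one to rewrite without the literal dot; the broader pattern also matches any other file name that ends in the same letters.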
Affected Software
Email Gateway 7.6
Detection Method
Check the installed version and hotfixes
Solution
Apply the hotfix referenced in the advisory