At 08:58 PM 7/18/00 -0400, Iona College Firewall Mailing List wrote:

>Hi all:
>I'm sure by now you've seen the reports about the exploitability (err, the
>latest) with Outlook/Outlook Express.  I've been doing some vulnerability
>testing on our network and have found an interesting thing.  We're set up
>using FW-1 4.0 SP5 SMTP CVP and Norton Anti-Virus 1.04 for firewalls (1.50 is
>broken, so we don't use it).
>
>In trying to send an e-mail from sendmail (8.9.3) using the bad "Date" line
>downloaded from
>http://www.securityfocus.com/data/vulnerabilities/exploits/outsploit.txt
>I can't seem to get the e-mail to go through the firewall.  Every time I get
>a log entry which looks like:
>"293146"  "18Jul2000"  "20:49:41"  "daemon"  "10.1.1.1"  "log"  "reject"
>"smtp"  "SUN_Sparc5"  "Mailbox"  "tcp"  "3"  "42386"  ""  ""  ""  ""  ""  ""
>""  " agent mail dequeuer orig_from <[EMAIL PROTECTED]> orig_to
><[EMAIL PROTECTED]> from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]> reason
>Connection to Content Security Server failed"
>
>I find that the e-mail is stuck in the spool directory as an "R" which
>generally means (I think) "Received, waiting for security server's
>response." I have not yet done a trace on the connection between the NAVFW
>machine and the Firewall, but it appears that NAV is dropping the connection
>when the Date: line is sent.  This may be because there is non-ASCII data in
>the e-mail but I really don't care so long as it doesn't get into my
>network.
>
>I'd like to know if there is anyone else who's received the same result,
>with NAVFW or even another content filter.


I'd love to check it out but the link you posted gives me an error message 
of "The resource requested /data/vulnerabilities/exploits/outsploit.txt 
cannot be found."

Do you have a copy of the code?

-- Joe



