COMMAND

    WebShield

SYSTEMS AFFECTED

    McAfee WebShield SMTP

PROBLEM

    Jari Helenius found the following.  McAfee WebShield SMTP v4.5 has
    at least two vulnerabilities: one in the content filter and the
    other in the SMTP recipient field (DoS).  Network Associates was
    informed on 7.11.2000 (content filter) and 17.11.2000 (recipient
    field).  The vulnerabilities occur on at least NT4 SP5 and SP6
    installations.

    Malformed SMTP recipient field
    ==============================
    If the recipient field is malformed, i.e. the recipient field contains

        shop@liverpoolfc.net?subject=Please%20send%20new%20catalogue&body=Please%20include%20your%20name%20and%20address

    WebShield will crash with an access violation error.  Restarting
    the service results in an immediate crash.  This produces a DoS and
    leaves the possibility of a buffer overflow.

    Content filter lets mail pass against filter rules
    ==================================================
    The content filter has been set up to stop messages with
    attachments that have ".exe" in the attachment name.  If the
    attachment name includes special characters like € (euro sign) or
    Scandinavian characters like ä, å or ö (a name like bad€name.exe),
    the content filter won't stop the message but lets it through.

    Such attachments are still checked against known viruses, and mail
    that contains a known virus will be stopped.
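
    The advisory does not say why the filter misses these names.  As an
    added example (not code from the advisory or from the vendor), the
    Python sketch below applies the ".exe" rule to the decoded attachment
    name, so the verdict is the same whether the euro sign arrives as a
    raw 8-bit byte, in RFC 2231 form or as an RFC 2047 encoded-word.  The
    helper names, sample messages and example.com addresses are
    constructed, and matching on the file extension is an assumed reading
    of the rule.

```python
import base64
import email
import urllib.parse
from email import policy
from email.header import decode_header, make_header

BLOCKED_EXTENSIONS = (".exe",)      # the filter rule from the advisory
EURO_NAME = "bad\u20acname.exe"     # the advisory's example attachment name

def attachment_names(raw_message: bytes) -> list:
    """Return every attachment name in the message, decoded to text."""
    msg = email.message_from_bytes(raw_message, policy=policy.compat32)
    names = []
    for part in msg.walk():
        name = part.get_filename()  # plain, raw 8-bit and RFC 2231 forms
        if name is None:
            continue
        if "=?" in name:            # RFC 2047 encoded-word used as a name
            name = str(make_header(decode_header(name)))
        names.append(name)
    return names

def violates_rule(raw_message: bytes) -> bool:
    """True if any attachment name ends in a blocked extension."""
    try:
        names = attachment_names(raw_message)
    except Exception:
        return True                 # fail closed on names that cannot be decoded
    # Compare case-insensitively; Windows ignores trailing dots and spaces.
    return any(n.lower().rstrip(". ").endswith(BLOCKED_EXTENSIONS) for n in names)

def sample(disposition: bytes) -> bytes:
    """Build a constructed single-part test message (not real traffic)."""
    return (b"From: a@example.com\r\nTo: b@example.com\r\n"
            b"MIME-Version: 1.0\r\n"
            b"Content-Type: application/octet-stream\r\n"
            b"Content-Transfer-Encoding: base64\r\n"
            b"Content-Disposition: attachment; " + disposition +
            b"\r\n\r\nAAAA\r\n")

# Constructed samples: the same name carried in each header encoding.
SAMPLES = {
    "ascii": sample(b'filename="setup.exe"'),
    "raw8bit": sample(b'filename="' + EURO_NAME.encode("cp1252") + b'"'),
    "rfc2231": sample(b"filename*=UTF-8''" + urllib.parse.quote(EURO_NAME).encode()),
    "rfc2047": sample(b'filename="=?UTF-8?B?'
                      + base64.b64encode(EURO_NAME.encode("utf-8")) + b'?="'),
    "harmless": sample(b'filename="notes.txt"'),
}
```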

SOLUTION

    Nothing yet.