Vigil@nce - McAfee Email Gateway: denial of service via SMTP Proxy
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malformed attachment, in order to generate
a memory leak in SMTP Proxy of McAfee Email Gateway, in order to
trigger a denial of service.
– Impacted products: McAfee Email Gateway
– Severity: 2/4
– Creation date: 08/04/2013
DESCRIPTION OF THE VULNERABILITY
The SMTP proxy of McAfee Email Gateway uses plugins to analyze
documents.
However, one of these plugins does not free all the memory it
allocates. Technical details are unknown.
An attacker can therefore send a malformed attachment, in order to
generate a memory leak in SMTP Proxy of McAfee Email Gateway, in
order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/McAfee-Email-Gateway-denial-of-service-via-SMTP-Proxy-12613