J-Security Center

Title: WatchGuard Firebox SMTP Proxy Attachment Bypassing Vulnerability

Severity: MODERATE

Description:

Firebox is a hardware-based firewall implementation distributed by WatchGuard. Firebox is distributed in various sizes, ranging from personal-sized to enterprise-level firewalling, and offers advanced features such as crypto-vpn.

A problem in the firmware used with the firewall makes it possible for users to bypass SMTP attachment checking. This vulnerability could lead to the infection of network assets protected by the firewall.

The problem involves the checking of attachments that have been encoded with base64 and attached to an email. During normal operation, the Firebox monitors email, checking attachments against a list of authorized extensions and prohibiting the sending of mails containing attachments that may be malicious.

Upon adding an attachment to the mail, it's possible to slip the attachment past the Firebox's filtering by selecting, or manually setting, the boundary field in the SMTP header to include two dashes after the name of the boundary for the attachment.
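A mail gateway can check for this condition itself. The following is an added example, not code from the advisory or from WatchGuard. It parses a message with the boundary declared in the header, flags any boundary value ending in two dashes (the same suffix that RFC 2046 uses to mark a closing delimiter), and lists attachments whose extension is not authorized. The allow-list, function names, addresses and sample messages are assumptions constructed for illustration.

```python
import email
import os

# Hypothetical allow-list; the advisory only says attachments are checked
# against a list of authorized extensions.
ALLOWED_EXT = {".txt", ".pdf"}

def audit_message(raw: bytes) -> dict:
    """Report boundaries ending in '--' and attachments outside ALLOWED_EXT."""
    msg = email.message_from_bytes(raw)
    report = {"odd_boundaries": [], "disallowed": []}
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            boundary = part.get_boundary()
            # RFC 2046: a delimiter line is "--" + boundary; the closing
            # delimiter appends a further "--". A boundary that itself ends
            # in "--" makes the two hard to tell apart for a naive scanner.
            if boundary and boundary.endswith("--"):
                report["odd_boundaries"].append(boundary)
            continue
        name = part.get_filename()
        if name and os.path.splitext(name)[1].lower() not in ALLOWED_EXT:
            report["disallowed"].append(name)
    return report

def build_sample(boundary: str, filename: str) -> bytes:
    """Constructed test message; addresses and payload are placeholders."""
    lines = [
        "From: sender@example.test",
        "To: rcpt@example.test",
        "Subject: constructed sample",
        "MIME-Version: 1.0",
        f'Content-Type: multipart/mixed; boundary="{boundary}"',
        "",
        f"--{boundary}",
        "Content-Type: text/plain",
        "",
        "body text",
        f"--{boundary}",
        "Content-Type: application/octet-stream",
        "Content-Transfer-Encoding: base64",
        f'Content-Disposition: attachment; filename="{filename}"',
        "",
        "AAAA",
        f"--{boundary}--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")
```

Messages that appear in `odd_boundaries` are candidates for quarantine or logging even when every attachment extension is authorized, since the boundary form alone is unusual in legitimate mail clients.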

Affected Products:

  • WatchGuard Firebox 2500 4.5.0
  • WatchGuard Firebox 2500 4.6.0
  • WatchGuard Firebox 4500 4.5.0
  • WatchGuard Firebox 4500 4.6.0

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.