Vulnerability Description
MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Roaring Penguin | Mimedefang | 2.4 |
| Mandrakesoft | Mandrake Linux | 9.2 |
| Mandrakesoft | Mandrake Linux Corporate Server | 2.1 |
| Suse | Suse Linux | 8.0 |
References
- http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html
- http://www.gentoo.org/security/en/glsa/glsa-200411-06.xmlPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:123
- http://www.securityfocus.com/bid/11563PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17940
- http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html
- http://www.gentoo.org/security/en/glsa/glsa-200411-06.xmlPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:123
- http://www.securityfocus.com/bid/11563PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17940
FAQ
What is CVE-2004-1098?
CVE-2004-1098 is a vulnerability with a CVSS score of 7.5 (HIGH). MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.
How severe is CVE-2004-1098?
CVE-2004-1098 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1098?
Check the references section above for vendor advisories and patch information. Affected products include: Roaring Penguin Mimedefang, Mandrakesoft Mandrake Linux, Mandrakesoft Mandrake Linux Corporate Server, Suse Suse Linux.