exploitDog

CVE-2024-28054

Published: 18 Mar 2024
Source: debian

Description

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.

Packages

Package      Status     Fixed version        Release   Type
amavisd-new  fixed      1:2.13.0-5                     package
amavisd-new  fixed      1:2.13.0-3+deb12u1   bookworm  package
amavisd-new  fixed      1:2.11.1-5+deb11u1   bullseye  package
amavisd-new  postponed                       buster    package

Notes

  • https://gitlab.com/amavis/amavis/commit/78c4b7076ebf1d711629a95860aae1bc0db5277a (v2.13.1)

  • https://gitlab.com/amavis/amavis/commit/d921bc5208ce5b4e8f3e387a1d4e1f8fa4e85008 (v2.13.1)

  • https://gitlab.com/amavis/amavis/commit/c6c4a4c27c60194b68b617b7d3cfb033d6c587e2 (v2.13.1)

  • Patched amavisd-new version uses MIME::Entity->ambiguous_content if available to get help on detecting an ambiguous email, or uses its own ambiguous_content check if the available MIME::Tools are too old (<5.514).

Related vulnerabilities

CVSS3: 7.4
ubuntu
more than 1 year ago

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.

CVSS3: 7.4
nvd
more than 1 year ago

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.

CVSS3: 7.2
redos
about 1 year ago

amavisd-new vulnerability

CVSS3: 7.4
github
more than 1 year ago

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.

CVSS3: 7.2
fstec
more than 1 year ago

Vulnerability in the MIME-tools component of the Amavis e-mail content filter, related to improper access control, allowing an attacker to escalate their privileges