WatchGuard Firebox SMTP Proxy Attachment Bypassing Vulnerability

Firebox is a hardware-based firewall implementation distributed by WatchGuard. Firebox is distributed in various sizes, ranging from personal-sized to enterprise-level firewalling, and offers advanced features such as crypto-vpn.

A problem with the firewall makes it possible to bypass SMTP content checking. The problem lies in how attachments are checked when they are encoded with base64. When the boundary name in the mail is appended with two dashes, the firewall passes the mail attachments without further checking.

This makes it possible for a remote user to send attachments such as functional VBScript files in email and bypass the firewall's filtering.
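A mail-gateway triage check for the condition described above, as an added example that is not part of the original advisory: it flags multipart messages whose declared boundary ends in two dashes and lists the parts they carry, so they can be held for inspection. Reading "appended with two dashes" as the boundary parameter value ending in `--` is an assumption; `build_sample` and `flag_dash_boundaries` are hypothetical names, and the sample messages are constructed.

```python
import email


def build_sample(boundary: str) -> bytes:
    """Constructed test message; the attachment body is base64 of 'test'."""
    lines = [
        "From: sender@example.com",
        "To: rcpt@example.com",
        "Subject: constructed sample",
        "MIME-Version: 1.0",
        f'Content-Type: multipart/mixed; boundary="{boundary}"',
        "",
        f"--{boundary}",
        "Content-Type: text/plain",
        "",
        "hello",
        f"--{boundary}",
        "Content-Type: application/octet-stream",
        "Content-Transfer-Encoding: base64",
        'Content-Disposition: attachment; filename="sample.vbs"',
        "",
        "dGVzdA==",
        f"--{boundary}--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def flag_dash_boundaries(raw: bytes):
    """Return [(boundary, [(filename, content_type, encoding), ...]), ...]
    for every multipart container whose boundary parameter ends in '--'."""
    msg = email.message_from_bytes(raw)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "multipart":
            continue
        boundary = part.get_boundary()
        if not boundary or not boundary.endswith("--"):
            continue
        # A malformed container may not have parsed into sub-parts.
        children = part.get_payload() if part.is_multipart() else []
        findings.append((boundary, [
            (c.get_filename(), c.get_content_type(),
             (c.get("Content-Transfer-Encoding") or "7bit").lower())
            for c in children
        ]))
    return findings
```
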


