CVE-2009-1240 - OpenCVE

Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Network Multi-function Security Proventia Desktop Endpoint Security Proventia Network Mail Security System Proventia Network Mail Security System Virtual Appliance

Configuration 1 [-]

OR	cpe:2.3:a:ibm:proventia_desktop_endpoint_security::::::::
	cpe:2.3:a:ibm:proventia_network_mail_security_system::::::::
	cpe:2.3:h:ibm:network_multi-function_security::::::::
	cpe:2.3:h:ibm:proventia_network_mail_security_system_virtual_appliance::::::::

No data.

References

Link	Providers
http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html
http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
http://www.securityfocus.com/archive/1/502369/100/0/threaded
http://www.securityfocus.com/archive/1/504987/100/0/threaded
http://www.securityfocus.com/archive/1/504992/100/0/threaded
http://www.securityfocus.com/archive/1/504995/100/0/threaded
http://www.securityfocus.com/bid/34345

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-04-03T18:00:00

Updated: 2024-08-07T05:04:49.387Z

Reserved: 2009-04-03T00:00:00

Link: CVE-2009-1240

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-04-03T18:30:00.657

Modified: 2018-10-10T19:35:20.043

Link: CVE-2009-1240

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20090716 Re: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html"}, {"tags": ["x_refsource_MISC"], "url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417"}, {"name": "34345", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34345"}, {"name": "20090715 Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded"}, {"name": "20090402 [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/502369/100/0/threaded"}, {"name": "20090716 Re[2]: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1240", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20090716 Re: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded"}, {"name": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html", "refsource": "MISC", "url": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html"}, {"name": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417", "refsource": "MISC", "url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417"}, {"name": "34345", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34345"}, {"name": "20090715 Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded"}, {"name": "20090402 [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/502369/100/0/threaded"}, {"name": "20090716 Re[2]: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:04:49.387Z"}, "title": "CVE Program Container", "references": [{"name": "20090716 Re: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417"}, {"name": "34345", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34345"}, {"name": "20090715 Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded"}, {"name": "20090402 [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/502369/100/0/threaded"}, {"name": "20090716 Re[2]: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1240", "datePublished": "2009-04-03T18:00:00", "dateReserved": "2009-04-03T00:00:00", "dateUpdated": "2024-08-07T05:04:49.387Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:proventia_desktop_endpoint_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "B77F1551-5C37-4D5B-AC86-C2965083B93D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "C520BF35-8406-44E3-8FC6-D8BD7242D13B", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:network_multi-function_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F24569C0-A783-4CFC-9A74-794DBA96E719", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:proventia_network_mail_security_system_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F19781E-ECC4-40A0-8027-2DC059FB989E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en el motor Proventia de IBM versi\u00f3n 4.9.0.0.44 20081231, tal y como es usado en Proventia Network Mail Security System , Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), y posiblemente otros productos de IBM, permite a los atacantes remotos omitir la detecci\u00f3n de malware por medio de un archivo RAR modificado."}], "evaluatorComment": "Per: http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417\r\n\r\nAlthough the Virus Prevention System technology was, at one time, incorporated into the IBM Proventia Network MFS and the Proventia Network Mail appliances, this capability was removed in Jan 2008. For this reason, this vulnerability does not apply to these product lines.\r\n\r\nThe Virus Prevention System technology is currently incorporated into Proventia Desktop. However, the Proventia Desktop product is not affected by this evasion.\r\n\r\nNo other IBM ISS products currently incorporate the Virus Prevention System technology.", "id": "CVE-2009-1240", "lastModified": "2018-10-10T19:35:20.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-04-03T18:30:00.657", "references": [{"source": "cve@mitre.org", "url": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html"}, {"source": "cve@mitre.org", "url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/502369/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34345"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}