
Hackers could exploit content checking and antivirus products...
By Andy McCue
Published: 13 September 2004 13:20 BST
The body responsible for protecting the UK's critical national infrastructure against electronic attack has issued an urgent alert to users about eight serious new security flaws affecting hundreds of email gateway products.
The National Infrastructure Security Co-ordination Centre (NISCC) alert (issued by UNIRAS - the UK equivalent of CERT) warns that flaws in the MIME internet email protocol extension could, if exploited, allow hackers to bypass content checking and antivirus tools and launch denial of service attacks.
MIME is a standard for encoding attachments to emails and is used in email clients, web browsers, antivirus products and content checkers.
The vulnerabilities can be exploited with "malformed" subjects using multiple occurrences of fields, non-standard presence of whitespace and non-standard quoting to evade content checking functionality. This could allow malicious code through content filtering and antivirus software.
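As an added illustration (not part of the original article or the NISCC alert), the Python sketch below shows how a gateway could flag the three kinds of malformation described above: repeated fields, non-standard whitespace and non-standard quoting. The function names, anomaly labels and sample headers are assumptions constructed for this example.

```python
import re
from collections import Counter

# Fields a well-formed MIME entity carries at most once (assumed checklist).
SINGLE = {"mime-version", "content-type", "content-transfer-encoding", "content-disposition"}

def unfold(raw_headers):
    """Split a raw header block into logical lines, joining folded continuations."""
    lines = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        elif line:
            lines.append(line)
    return lines

def lint_mime_headers(raw_headers):
    """Return a sorted list of anomaly labels found in one header block."""
    findings, seen = set(), Counter()
    for line in unfold(raw_headers):
        m = re.match(r"([^\s:]+)(\s*):(.*)", line)
        if not m:
            findings.add("unparseable-line")
            continue
        name, gap, value = m.group(1).lower(), m.group(2), m.group(3)
        seen[name] += 1
        if gap:  # "Content-Type : ..." can be read differently by scanner and client
            findings.add("whitespace-before-colon")
        if name not in SINGLE:
            continue
        if value.count('"') % 2:
            findings.add("unbalanced-quote")
        # Blank out quoted strings so a ';' inside quotes is not taken for a parameter.
        bare = re.sub(r'"[^"]*"', '""', value)
        params = re.findall(r";\s*([\w-]+)\s*=\s*(\S?)", bare)
        if any(first == "'" for _, first in params):
            findings.add("single-quoted-parameter")
        if any(n > 1 for n in Counter(p.lower() for p, _ in params).values()):
            findings.add("duplicate-parameter")
    if any(seen[f] > 1 for f in SINGLE):
        findings.add("duplicate-field")
    return sorted(findings)

# Constructed sample header blocks (not taken from any real message).
CLEAN = 'MIME-Version: 1.0\r\nContent-Type: multipart/mixed;\r\n boundary="b1"\r\nSubject: report\r\n'
SUSPECT = (
    "MIME-Version: 1.0\r\nContent-Type: text/plain\r\n"
    "Content-Type : multipart/mixed; boundary='b1'; boundary=\"b2\"\r\n"
    'Content-Disposition: attachment; filename="a.txt\r\n'
)
```

A gateway that finds any of these anomalies can quarantine or reject the message instead of guessing which interpretation the recipient's mail client will choose.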
It is over a year since the flaws were discovered by security consultancy Corsaire after working on a large insurance company's email system.
Corsaire said it passed details of the vulnerabilities on to the NISCC last summer because of the scale of the problem and the co-ordination needed between vendors to fix their products.
Many vendors have already silently issued patches for the flaws and Apple, HP, MessageLabs and Mozilla have already declared their products are not affected by the vulnerabilities.
Antivirus company F-Secure has confirmed its Internet Gatekeeper server products are vulnerable and that this will be fixed in the next release, scheduled for the fourth quarter this year.
Copyright © 2008 CBS Interactive Limited. All rights reserved.