FKIE_CVE-2009-1240

Vulnerability from fkie_nvd - Published: 2009-04-03 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive.
References
cve@mitre.orghttp://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html
cve@mitre.orghttp://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
cve@mitre.orghttp://www.securityfocus.com/archive/1/502369/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/504987/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/504992/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/504995/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/34345
af854a3a-2127-422b-91ae-364da2661108http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html
af854a3a-2127-422b-91ae-364da2661108http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/502369/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/504987/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/504992/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/504995/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34345
Impacted products
Vendor Product Version
ibm proventia_desktop_endpoint_security *
ibm proventia_network_mail_security_system *
ibm network_multi-function_security *
ibm proventia_network_mail_security_system_virtual_appliance *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:proventia_desktop_endpoint_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77F1551-5C37-4D5B-AC86-C2965083B93D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C520BF35-8406-44E3-8FC6-D8BD7242D13B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:network_multi-function_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F24569C0-A783-4CFC-9A74-794DBA96E719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:proventia_network_mail_security_system_virtual_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F19781E-ECC4-40A0-8027-2DC059FB989E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en el motor Proventia de IBM versi\u00f3n 4.9.0.0.44 20081231, tal y como es usado en Proventia Network Mail Security System , Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), y posiblemente otros productos de IBM, permite a los atacantes remotos omitir la detecci\u00f3n de malware por medio de un archivo RAR modificado."
    }
  ],
  "evaluatorComment": "Per: http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417\r\n\r\nAlthough the Virus Prevention System technology was, at one time, incorporated into the IBM Proventia Network MFS and the Proventia Network Mail appliances, this capability was removed in Jan 2008. For this reason, this vulnerability does not apply to these product lines.\r\n\r\nThe Virus Prevention System technology is currently incorporated into Proventia Desktop. However, the Proventia Desktop product is not affected by this evasion.\r\n\r\nNo other IBM ISS products currently incorporate the Virus Prevention System technology.",
  "id": "CVE-2009-1240",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-03T18:30:00.657",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/502369/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/502369/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34345"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.