Guest

Preview Tool

Cisco Bug: CSCzv24565 - Single Period is handled incorrectly as end of message if enclosed b...

Last Modified

Nov 11, 2016

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

7.1.5-025 8.0.0-000

Description (partial)

Symptom:
A message  gets accepted prematurely although injection is not complete yet. All following injections cause a "Unknown command" error.

Example:

Thu Jan 12 09:07:28 2012 Info: Start MID 7 ICID 7
Thu Jan 12 09:07:28 2012 Info: MID 7 ICID 7 From: <cisco@hostname.localhost>
Thu Jan 12 09:07:28 2012 Info: MID 7 ICID 7 RID 0 To: <test@cisco.com>
Thu Jan 12 09:07:29 2012 Info: MID 7 Message-ID '<20120112090718.2C5EA7A9534@hostname.localhost>'
Thu Jan 12 09:07:29 2012 Info: MID 7 Subject 'Test CR'
Thu Jan 12 09:07:29 2012 Info: MID 7 ready 448 bytes from <cisco@hostname.localhost>
Thu Jan 12 09:07:29 2012 Info: ICID 7 Unknown command: This
Thu Jan 12 09:07:29 2012 Info: ICID 7 Unknown command: 
Thu Jan 12 09:07:29 2012 Info: ICID 7 Unknown command: 
Thu Jan 12 09:07:29 2012 Info: MID 7 matched all recipients for per-recipient
policy DEFAULT in the inbound table
Thu Jan 12 09:07:29 2012 Info: MID 7 queued for delivery

Conditions:
Injection of a message that includes a line with a sequence of CR, period, and
CRLF, and some more text after that. In an injection debug log, the line looks like this (\r\n is a line feed with carriage return, \r is only a carriage return):

Thu Jan 12 01:28:34 2012 Info: 777 Rcvd from '173.37.9.25': 'MAIL FROM:<cisco@hostname.localhost>
SIZE=347\r\n'
Thu Jan 12 01:28:34 2012 Info: 777 Sent to '173.37.9.25': '250 sender <cisco@hostname.localhost>
ok\r\n'
Thu Jan 12 01:28:34 2012 Info: 777 Rcvd from '173.37.9.25': 'RCPT TO:<test@cisco.com>\r\n'
Thu Jan 12 01:28:34 2012 Info: 777 Sent to '173.37.9.25': '250 recipient
<test@cisco.com> ok\r\n'
Thu Jan 12 01:28:35 2012 Info: 777 Rcvd from '173.37.9.25': 'DATA\r\n'
Thu Jan 12 01:28:35 2012 Info: 777 Sent to '173.37.9.25': '354 go ahead\r\n'
Thu Jan 12 01:28:35 2012 Info: 777 Rcvd from '173.37.9.25': 'Received: by
hostname.localhost (Postfix, from userid 502)\r\n\tid 07DB27A96BF; Thu, 12
Jan 2012 10:28:17 +0100 (CET)\r\nTo: test@cisco.com\r\nSubject: Test CR\r\nMessage-Id:
<20120112092818.07DB27A96BF@hostname.localhost>\r\nDate: Thu, 12 Jan 2012
10:28:17 +0100 (CET)\r\nFrom: cisco@hostname.localhost (amueller)\r\n\r\nHi,\r\n\r\nHello
World\r.\r\nThis is a test\r\n\r\n\r\n.\r\n'
Thu Jan 12 01:28:35 2012 Info: 777 Sent to '173.37.9.25': '250 ok:  Message
106959 accepted\r\n'
Thu Jan 12 01:28:35 2012 Info: 777 Sent to '173.37.9.25': '500 #5.5.1 command
not recognized\r\n'
Thu Jan 12 01:28:35 2012 Info: 777 Sent to '173.37.9.25': '500 #5.5.1 command
not recognized\r\n'
Thu Jan 12 01:28:35 2012 Info: 777 Sent to '173.37.9.25': '500 #5.5.1 command
not recognized\r\n'
Thu Jan 12 01:28:35 2012 Info: 777 Sent to '173.37.9.25': '500 #5.5.1 command
not recognized\r\n'
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.