Guest

Preview Tool

Cisco Bug: CSCzv32600 - Null byte injection into 'mail from' or 'rcpt to' causes appfault on...

Last Modified

Mar 07, 2018

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

7.6.0-444 8.0.0-000 9.7.1-066

Description (partial)

Symptom:
Customer sees an application fault similar to:

An application fault occurred: ('egg/fast_rpc.py request|293', "<type 'exceptions.TypeError'>", 'argument 1 must be string without null bytes, not str', '
[egg/omh.py queue_worker_thread|3690] 
[egg/omh.py process_item|4140] 
[dlp/scanning.py policy_scan|243] 
[_coro.pyx coro._coro.sched.with_timeout (coro/_coro.c:11759)|1099] 
[dlp/scanning.py _do_policy_scan|951] 
[rpc/client.py new_fn|72] 
[rpc/client.py pol_match|109] 
[egg/fast_rpc_proxy.py __method_caller__|20] 
[egg/fast_rpc.py request|293]') MID: ######

Version: 8.5.6-092

Conditions:
1.  Image appliance with build 7.6.0-44
2.  Create Private listener.
3.  Enable RSA Email DLP(Enable and configure DLP using the DLP Assessment Wizard - all default)
4.  Inject mail into private listener where 'mail from' or/and 'rcpt to' contain '\0'.

Example:
mail from = '\0test@mail.qa'
rcpt to   = '\0ahrytski@mail.qa'
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.