製品・ソフトウェアに関する情報

JVN脆弱性詳細

IBM Proventia エンジンにおけるマルウェアの検知を回避される脆弱性

Title	IBM Proventia エンジンにおけるマルウェアの検知を回避される脆弱性
Summary	IBM Proventia Network Mail Security System、Network Mail Security System Virtual Appliance、Desktop Endpoint Security、Network Multi-Function Security (MFS) で使用される IBM Proventia エンジンには、マルウェアの検知を回避される脆弱性が存在します。
Possible impacts	第三者により、変更された RAR アーカイブを介して、マルウェアの検知を回避される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	April 3, 2009, midnight
Registration Date	Sept. 25, 2012, 5:27 p.m.
Last Update	Sept. 25, 2012, 5:27 p.m.

Affected System

IBM

IBM Proventia Network Mail Security System

network multi-function security

proventia desktop endpoint security

proventia network mail security system virtual appliance

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-1240	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1240
National Vulnerability Database (NVD)
2	CVE-2009-1240	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1240

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
IBM
1	Proventia Network Mail Security System	http://www-935.ibm.com/services/us/en/it-services/proventia-network-mail-security-system.html

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-1240

Summary	Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive.
Summary	Una vulnerabilidad no especificada en el motor Proventia de IBM versión 4.9.0.0.44 20081231, tal y como es usado en Proventia Network Mail Security System , Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), y posiblemente otros productos de IBM, permite a los atacantes remotos omitir la detección de malware por medio de un archivo RAR modificado.
Publication Date	April 4, 2009, 3:30 a.m.
Registration Date	Jan. 29, 2021, 1:16 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:proventia_desktop_endpoint_security::::::::
cpe:2.3:a:ibm:proventia_network_mail_security_system::::::::
cpe:2.3:h:ibm:network_multi-function_security::::::::
cpe:2.3:h:ibm:proventia_network_mail_security_system_virtual_appliance::::::::

Related information, measures and tools

No	URL	refsource
1	http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html	cve@mitre.org
2	http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417	cve@mitre.org
3	http://www.securityfocus.com/archive/1/502369/100/0/threaded	cve@mitre.org
4	http://www.securityfocus.com/archive/1/504987/100/0/threaded	cve@mitre.org
5	http://www.securityfocus.com/archive/1/504992/100/0/threaded	cve@mitre.org
6	http://www.securityfocus.com/archive/1/504995/100/0/threaded	cve@mitre.org
7	http://www.securityfocus.com/bid/34345	cve@mitre.org
8	http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html	af854a3a-2127-422b-91ae-364da2661108
9	http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417	af854a3a-2127-422b-91ae-364da2661108
10	http://www.securityfocus.com/archive/1/502369/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
11	http://www.securityfocus.com/archive/1/504987/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securityfocus.com/archive/1/504992/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securityfocus.com/archive/1/504995/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/bid/34345	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List