[24324] in bugtraq
Outlook \r expliots - ripMIME fix.
daemon@ATHENA.MIT.EDU (Paul L Daniels)
Tue Feb 19 18:15:13 2002
Date: Mon, 18 Feb 2002 15:43:53 +1000
From: Paul L Daniels <pldaniels@pldaniels.com>
To: pldaniels@pldaniels.com
Cc: bugtraq@securityfocus.com
Message-Id: <20020218154353.15384210.pldaniels@pldaniels.com>
In-Reply-To: <51CC94132526754995E79DCF28C0C34D07E942@exchange.cigital.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
A recent announcement of ripMIME 1.2.12 has been superceded with a new release which covers several issues as mentioned in 3APA3A@SECURITY.NNOV.RU's content-exploits analysis post.
Specifically,
"\0 data poisoning" and "fake-end-of-line termination" (due to fgets()) have been immediately covered.
Issues with UTF formatting is still present (although detection of the data content is not affected, as content-scanners should not use the file name as anything more than a subtle-guide).
ripMIME is available at http://pldaniels.org/ripmime
Regards.
--
Paul L Daniels http://www.pldaniels.com
Linux/Unix systems Internet Development
ICQ#103642862,AOL:cinflex,IRC:inflex
A.B.N. 19 500 721 806
