[27007] in bugtraq
MIMEDefang update (was Re: Bypassing SMTP Content Protection )
daemon@ATHENA.MIT.EDU (David F. Skoll)
Thu Sep 12 12:11:19 2002
Date: Thu, 12 Sep 2002 11:11:07 -0400 (EDT)
From: "David F. Skoll" <dfs@roaringpenguin.com>
To: bugtraq@securityfocus.com
In-Reply-To: <004801c25a62$9a9b5080$0c01a8c0@beyondmobile1>
Message-ID: <Pine.LNX.4.44.0209121102310.3920-100000@shishi.roaringpenguin.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
MIMEDefang (http://www.roaringpenguin.com/mimedefang/) is an SMTP
filtering tool which in its default configuration is susceptible
to this attack.
MIMEDefang relies on the MIME::tools Perl parsing module. This module
correctly descends into "message/rfc822" entities and parses parts
inside them, but it does not descend into "message/partial" entities.
Therefore, even the default filename checks will not work with
"message/partial" types. I hope to have a patched version of MIME::tools
soon.
For the next MIMEDefang release, the default filter will be modified to drop
message/partial parts. Current users of MIMEDefang should add the
following code to their filter and filter_multipart routines:
# Block message/partial parts
if (lc($type) eq "message/partial") {
action_quarantine_entire_message();
action_notify_administrator("Message quarantined because of message/partial type");
return action_discard();
}
--
David.
