[27229] in bugtraq
Re: Another possible RFC 2046 vulnerability.
daemon@ATHENA.MIT.EDU (Daniel Pittman)
Mon Sep 30 18:31:53 2002
To: jose@ensmp.fr
In-Reply-To: <3D943A9A.A30334A9@ensmp.fr> (Jose Marcio Martins da Cruz's
message of "Fri, 27 Sep 2002 13:01:46 +0200")
From: Daniel Pittman <daniel@rimspace.net>
Date: Mon, 30 Sep 2002 13:12:48 +1000
Message-ID: <87smzs2mrz.fsf@enki.rimspace.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

On Fri, 27 Sep 2002, Jose Marcio Martins da Cruz wrote:
> Some days ago, we were talking about the RFC 2046 message fragmentation
> vulnerability.
>
> There is another related RFC 2046 vulnerability:
> the message/external-body message type.
>
> The RFC 2046 message/external-body MIME type allows sending a message not
> by its content, but by reference.
[...]
> Classical mail server virus scanners will never see the malicious code
> pass through them, as they will never have the entire malicious code
> available.
>
> The only way to detect it, IMHO, at the mail server, is by lexical
> analysis of MIME tags.

It's worth noting that simply dumping any message that uses this MIME
feature will block all the IETF draft messages, which may or may not be
considered a feature.

> Netscape Communicator 4.79 is compatible with this RFC 2046 feature.
>
> I can't say anything about other mail clients, as I'm sick at home
> and I have no access to other MUAs.

Gnus under Emacs supports this in more recent versions.
Daniel
--
To swallow and follow, whether old doctrine or new propaganda, is a weakness
still dominating the human mind.
-- Charlotte Perkins Gilman, _Human Work_
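
The thread proposes detecting message/external-body at the mail server by inspecting MIME tags, and notes that rejecting every such message also blocks legitimate senders. The following is an added example, not part of the original messages: a Python sketch that lists each external-body reference with its parameters and applies an allowlist. The sample message, the host names and the ALLOWED policy are constructed assumptions.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Constructed sample message (not from the thread): one external-body reference.
SAMPLE = """\
From: announce@example.org
To: list@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the referenced document.
--b1
Content-Type: message/external-body; access-type="anon-ftp";
 site="ftp.example.org"; directory="drafts"; name="draft-sample-00.txt"

Content-Type: text/plain

--b1--
"""

# Hypothetical local policy: (access-type, site) pairs that are let through.
ALLOWED = {("anon-ftp", "ftp.example.org")}

def _param(part, key):
    # get_param() may return an RFC 2231 tuple; collapse it to a plain string.
    return collapse_rfc2231_value(part.get_param(key, "")).lower()

def external_bodies(raw):
    """Return one dict of parameters per message/external-body part in raw."""
    found = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "message/external-body":
            continue
        found.append({k: _param(part, k) for k in ("access-type", "site", "name")})
    return found

def verdict(raw, allowed=ALLOWED):
    """'pass' if no references, 'allow' if all are allowlisted, else 'quarantine'."""
    refs = external_bodies(raw)
    if not refs:
        return "pass"
    ok = all((r["access-type"], r["site"]) in allowed for r in refs)
    return "allow" if ok else "quarantine"

if __name__ == "__main__":
    print(external_bodies(SAMPLE), verdict(SAMPLE))
```

Quarantining rather than deleting non-allowlisted references keeps the message available for review, since the scanner never sees the referenced content itself.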