Bugtraq mailing list archives
Re: Another possible RFC 2046 vulnerability.
From: Daniel Pittman <daniel () rimspace net>
Date: Mon, 30 Sep 2002 13:12:48 +1000
On Fri, 27 Sep 2002, Jose Marcio Martins da Cruz wrote:
Some days ago, we're talking about RFC 2046 message fragmentation vulnerability. There is another related RFC 2046 vulnerability : message/external-body message type. RFC 2046 message/external-body MIME type allows to send messages not by it's content, but by reference.
[...]
Classical mail server virus scanners will never see the malicious code pass through it, as they will never have available entire malicious code. The only way to detect it, IMHO, at mail server, is by lexical analysis of MIME tags.
It's worth noting that simply dumping any message that uses this MIME feature will block all the IETF draft messages, which may or may not be considered a feature.
Netscape Communicator 4.79 is compatible with this RFC 2046 feature. I can't say anything about others mail clients, as I'm sick at home and I have no access to other MUAs.
Gnus under Emacs supports this in more recent versions. Daniel -- To swallow and follow, whether old doctrine or new propaganda, is a weakness still dominating the human mind. -- Charlotte Perkins Gilman, _Human Work_
Current thread:
- Another possible RFC 2046 vulnerability. Jose Marcio Martins da Cruz (Sep 27)
- Re: Another possible RFC 2046 vulnerability. Daniel Pittman (Sep 30)