Bugtraq mailing list archives
Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Wed, 15 Sep 2004 14:51:06 -0400 (EDT)
On Wed, 15 Sep 2004, David Covin wrote:

> Two points:
> It's fair to argue that canonicalizing is the more useful policy, but not that it is the only secure one.

Fair enough, with the caveat that it's probably easier to canonicalize than to detect all MIME messages that might possibly be misinterpreted.

> 2. Your logic sounds convincing, but interposing a proxy that systematically changes incoming messages raises red flags in my mind.

Indeed.

> Yours is a more sophisticated approach, but I still see the potential for strange interactions between the gateway security product's MIME implementation and those of sending and receiving programs. Have you found this to be a problem, for those who've been using this filter?

I have run into some problems, which is why the canonicalization is disabled by default.

Regards,

David.