Shady Advisory Digest (2004-09-15)
Today I received this shady advisory. Maybe mutt could be affected as
well?
MIME Standard: multiple vulnerabilities
+---------------------------------------------------------------+
Date: 2004-09-15
State: 2004-09-15
+---------------------------------------------------------------+
Operating System(s):
UNIX
Microsoft Windows
Other operating systems may be affected as well.
+---------------------------------------------------------------+
Software:
Potentially affected are serveral types of software product
which use MIME.
These are email clients, web browser, antivirus products, mail
and content checkers.
+---------------------------------------------------------------+
Attack:
An anonymous remote attacker can potentially use incorrect
MIME-Messages for denial of service, to bypass content checkers
and for remote code execution.
+---------------------------------------------------------------+
Description:
MIME is a standard for encoding binary files. MIME is used for
encoding attachments and for the transfer of files in the world
wide web content transfer protocol HTTP. With a range of fields
the sender is able to choose the encoding form.
Malformed MIME messages can pass through the checker or the
recieving client could crash.
An anonymous remote attacker can use this vulnerability for
denial of service, to bypassed content checker or to execute
arbitary code.
+---------------------------------------------------------------+
Risiko (*):
Probability of an attack: MEDIUM-HIGH
Damage probability: MEDIUM-HIGH
+---------------------------------------------------------------+
Recommendation:
Please contact your vendor for a clarification of this security
issue.
Information about tests:
http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
+---------------------------------------------------------------+
Information:
Corsaire Advisory:
http://www.corsaire.com/news/040913-mime.html
NISCC Vulnerability Advisory 380375/MIME dated 2004-09-13
http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
--
Ralf Hildebrandt Ralf.Hildebrandt@xxxxxxxxxx
Postfix Tips: http://www.arschkrebs.de/postfix/ Tel. +49 (0)30-450 570-155