Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Another possible RFC 2046 vulnerability.
From: Earl Hood <earl () earlhood com>
Date: Mon, 30 Sep 2002 18:31:11 -0500

On September 27, 2002 at 13:01, Jose Marcio Martins da Cruz wrote:

What's interesting is that in this case the message and the malicious
code passes through two different network paths : messages is sent by
mail and the malicious code will be get by receiver by anonymous ftp.

In the case of previous vulnerability (fragmented message), message and
malicious code uses the same network path.

Classical mail server virus scanners will never see the malicious code
pass through it, as they will never have available entire malicious
code.

Since the external-body type uses other standard network protocols, then
the security policies of a company for other protocols (like ftp) would
take effect.  It is no different than if someone sends a message
to someone saying "go download ftp://....";.

I can't say anything about others mail clients, as I'm sick at home and
I have no access to other MUAs. 

The venerable MH, and its successor nmh, support the
message/external-body type.

The only real security risk is if a badly designed MUA automatically
retrieves the data specified in a message/external-body (and RFC 2046
gives a warning about this).  Otherwise, it poses the same security
problems as someone including a URL in a regular mail message (which
many MUAs automatically convert into a hyperlink).

--ewh

P.S.  You may be interested in RFC 2017 that defines the URL access
type for message/external-body.


  By Date           By Thread  

Current thread:
  • Re: Another possible RFC 2046 vulnerability. Earl Hood (Oct 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]