Bugtraq: Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue

From: "Greg A. Woods" <woods () weird com>
Date: Sat, 18 Sep 2004 13:14:28 -0400 (EDT)

[ On Friday, September 17, 2004 at 14:08:33 (+0200), Borja Marcos wrote: ]

Subject: Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue

      If someone builds faulty software which generates bad MIME headers, 
such messages should be treated as hostile messages and dropped. 
Period.


You are 110% correct.

Thank you very much for saying that, and I would suggest that at the
current time it is something which cannot be repeated too many times.

Far too few software developers understand the idea of "failing safely".

Passing on "cleaned" or "de-fanged" messages is a guaranteed way of
failing catastrophically.

-- 
                                                Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods () robohack ca>
Planix, Inc. <woods () planix com>          Secrets of the Weird <woods () weird com>

By Date By Thread

Current thread:

Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue advisories (Sep 14)
- Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue David F. Skoll (Sep 15)
  - Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue David Covin (Sep 15)
    - Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue David F. Skoll (Sep 16)
    - Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue Borja Marcos (Sep 17)
    - Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue Greg A. Woods (Sep 18)