Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re:[4] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
From: "advisories" <advisories () corsaire com>
Date: Wed, 29 Sep 2004 09:24:35 +0100
No.  It is possible to write out a MIME message which
cannot be interpreted ambiguously by software that
correctly obeys the relevant RFCs.


You have simply changed the subject; this is quite different from your
previous statement that it is possible to create a single canonical version
by selecting a field from multiple choices.


If any possible MIME message can be ambiguous, as you imply,
then the only safe action is to discard every single MIME
message, period.


*May* be ambiguous, not *must* be ambiguous. The safe action is to detect
and discard the ambiguous ones.


The reformatting *must* eliminate the attack vector, because
it *must* force correctly-written software to interpret the
message the same way as the security agent.


It does no such thing. The security product has no control over the client
at all, so cannot force it to do anything. This model can only work if the
client interprets the mailbody in the same way as the security agent, and
more importantly does *not* interpret anything else.

In the real world, this simply isn't the case.

Regards,
Martin O'Neal

  By Date           By Thread  

Current thread:
  • Re:[4] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue advisories (Sep 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]