[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: Another possible RFC 2046 vulnerability.
From: Earl Hood <earl () earlhood ! com>
Date: 2002-09-30 23:31:11
[Download RAW message or body]
On September 27, 2002 at 13:01, Jose Marcio Martins da Cruz wrote:
> What's interesting is that in this case the message and the malicious
> code passes through two different network paths : messages is sent by
> mail and the malicious code will be get by receiver by anonymous ftp.
>
> In the case of previous vulnerability (fragmented message), message and
> malicious code uses the same network path.
>
> Classical mail server virus scanners will never see the malicious code
> pass through it, as they will never have available entire malicious
> code.
Since the external-body type uses other standard network protocols, then
the security policies of a company for other protocols (like ftp) would
take effect. It is no different than if someone sends a message
to someone saying "go download ftp://....".
> I can't say anything about others mail clients, as I'm sick at home and
> I have no access to other MUAs.
The venerable MH, and its successor nmh, support the
message/external-body type.
The only real security risk is if a badly designed MUA automatically
retrieves the data specified in a message/external-body (and RFC 2046
gives a warning about this). Otherwise, it poses the same security
problems as someone including a URL in a regular mail message (which
many MUAs automatically convert into a hyperlink).
--ewh
P.S. You may be interested in RFC 2017 that defines the URL access
type for message/external-body.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic