[Esd-l] WARN: malformed MIME can bypass sanitizer
John D. Hardin
jhardin at impsec.org
Mon Sep 22 08:10:11 PDT 2003
All:
A worm showed up unsanitized in my mailbox this morning. Investigation
showed that one of the MIME boundary strings was malformed: it did not
begin with "--" as per RFC2046 (it began with "A--"). The sanitizer
didn't parse it properly, but the mailer (evolution) did.
I will modify the sanitizer to fix MIME boundary headers malformed in
this manner, but I won't be able to release it right away, so this is
a heads-up.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
44 days until Matrix Revolutions
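
An added example, not part of the original post and not the sanitizer's own code: a check that flags body lines which carry a declared MIME boundary but are not valid RFC 2046 delimiter lines, the situation the message above describes. The sample message, its boundary value and the function names are constructed for illustration.

```python
import re

# boundary= parameter, quoted or bare, anywhere in the message (covers nested parts)
BOUNDARY_RE = re.compile(r'boundary\s*=\s*(?:"([^"]+)"|([^\s;"]+))', re.IGNORECASE)

def declared_boundaries(raw):
    """Collect every boundary value declared in the raw message text."""
    return {m.group(1) or m.group(2) for m in BOUNDARY_RE.finditer(raw)}

def audit_delimiters(raw):
    """Return (strict, suspect) lists of (line_number, line).
    strict:  "--" + boundary, optional closing "--", optional trailing blanks.
    suspect: contains "--" + boundary but is not a strict delimiter line,
             so a strict parser and a lenient reader may split parts differently."""
    strict, suspect = [], []
    bounds = declared_boundaries(raw)
    for n, line in enumerate(raw.splitlines(), 1):
        hits = [b for b in bounds if "--" + b in line]
        if not hits:
            continue
        if any(re.fullmatch(re.escape("--" + b) + r"(--)?[ \t]*", line) for b in hits):
            strict.append((n, line))
        else:
            suspect.append((n, line))
    return strict, suspect

# Constructed sample: the second delimiter has junk before the leading "--".
SAMPLE = "\n".join([
    "Subject: constructed test message",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="BOUND_1"',
    "",
    "--BOUND_1",
    "Content-Type: text/plain",
    "",
    "body text",
    "A--BOUND_1",
    'Content-Type: application/octet-stream; name="attachment.bin"',
    "",
    "placeholder",
    "--BOUND_1--",
    "",
])

if __name__ == "__main__":
    strict, suspect = audit_delimiters(SAMPLE)
    print("strict delimiters:", strict)
    print("suspect lines (quarantine or reject):", suspect)
```

A filter that finds any suspect line can refuse or quarantine the message rather than guess how the recipient's mail client will split it.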