[Esd-l] WARN: malformed MIME can bypass sanitizer

John D. Hardin jhardin at impsec.org
Mon Sep 22 08:10:11 PDT 2003


A worm showed up unsanitized in my mailbox this morning. Investication
showed that one of the MIME boundary strings was malformed: it did not
begin with "--" as per RFC2046 (it began with "A--"). The sanitizer
didn't parse it properly, but the mailer (evolution) did.

I will modify the sanitizer to fix MIME boundary headers malformed in
this manner, but I won't be able to release it right away, so this is
a heads-up.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
   44 days until Matrix Revolutions

More information about the esd-l mailing list