[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue

To: David Covin <dcovin@xxxxxxxxxxxxxxxxxxx>
Subject: Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
From: "David F. Skoll" <dfs@xxxxxxxxxxxxxxxxxx>
Date: Wed, 15 Sep 2004 14:51:06 -0400 (EDT)

On Wed, 15 Sep 2004, David Covin wrote:

> Two points:

> It's fair to argue
> that canonicalizing is the more useful policy, but not that it is the
> only secure one.

Fair enough, with the caveat that it's probably easier to canonicalize
than to detect all MIME messages that might possibly be misinterpreted.

> 2. Your logic sounds convincing, but interposing a proxy that
> systematically changes incoming messages raises red flags in my mind.

Indeed.

> Yours is a more sophisticated approach, but I still see the
> potential for strange interactions between the gateway security
> product's MIME implementation and those of sending and receiving
> programs.  Have you found this to be a problem, for those who've
> been using this filter?

I have run into some problems, which is why the canonicalization is
disabled by default.

Regards,

David.

References:
- Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
  - From: David Covin

Prev by Date: MDKSA-2004:095-1 - Updated gdk-pixbuf and gtk+2 packages fix image loading vulnerabilities
Next by Date: Re: FreeBSD kernel buffer overflow
Previous by thread: Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
Next by thread: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution [MS04-028]
Index(es):
- Date
- Thread