[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] DoS attacks on MIME-capable software via complex MIME emails
- To: "Bernhard Brehm" <bruhns@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] DoS attacks on MIME-capable software via complex MIME emails
- From: "Kurt Buff" <kurt.buff@xxxxxxxxx>
- Date: Tue, 9 Dec 2008 11:03:50 -0800
On Mon, Dec 8, 2008 at 2:56 PM, Bernhard Brehm <bruhns@xxxxxxxxxxxxxxxxx> wrote:
> Valdis.Kletnieks@xxxxxx said:
>>
>> You want *real* loads of fun? Go read up on message/partial ;)
>>
<snip>
> The situation is quite similiar to the reason, why MTAs like sendmail
> are no real target for such attacks: No server should try to convert
> 8bit encoding to 7bit encoding any more. Nobody needs to split a message
> into several parts for transfer and expects the mailclient to reassemble
> the parts. Not all pieces of MIME-related software really need to
> understand these rather obscure content-types.
Not exactly true. There might not be any clients which support it
currently (don't know, myself) but *my* users are constantly trying to
send huge messages that I don't allow for size reasons. Breaking them
apart into chunks automatically for automatic reassembly by the
recipient would very much appeal to them.
Kurt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/