SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   RipMIME Vendors:   Daniels, Paul L.
ripMIME MIME Decoding Errors May Have Security Impact on Applications Using ripMIME
SecurityTracker Alert ID:  1011237
SecurityTracker URL:  http://securitytracker.com/id/1011237
CVE Reference:   CAN-2003-1014, CAN-2004-0052, CAN-2004-0161, CAN-2004-0162   (Links to External Site)
Date:  Sep 14 2004
Impact:   Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.4.0.0
Description:   A vulnerability was reported in ripMIME in the processing of Multipurpose Internet Mail Extensions (MIME) content. Certain content may not be processed properly, resulting in potential security issues in applications that use ripMIME.

NISCC reported several vulnerabilities in software that processes Multipurpose Internet Mail Extensions (MIME) content. These vulnerabilities may allow a remote user to bypass content filters, cause denial of service conditions, or execute arbitrary code on the target system. The specific impact depends on the affected product.

The vulnerabilities were discovered using a test suite produced by Corsaire Ltd.

ripMIME does not correctly decode multiple filename/content entry, missing separator, header comments, empty boundary, and RFC2231 encoded filenames, according to reports.

A remote user can send MIME content containing certain fields that occur multiple times and using malformed encapsulation techniques to bypass content filtering functions [CVE: CAN-2003-1014].

A remote user can use malformed MIME encapsulation techniques that use non-standard separators (such as a double colon) to bypass content filtering functions [CVE: CAN-2004-0052].

A remote user can use malformed MIME encapsulation techniques that include fields encoded using the RFC 2231 continuations or parameter value character set and language information to bypass content filtering functions [CVE: CAN-2004-0161].

A remote user can use malformed MIME encapsulation techniques that include fields containing an RFC 822 comment to bypass content filtering functions [CVE: CAN-2004-0162].
Impact:   An application using ripMIME may not properly analyze MIME-based content. The specific impact depends on the application using ripMIME.
Solution:   The vendor has released a fixed version (1.4.0.0), available at:

http://www.pldaniels.com/ripmime/downloads.php
Vendor URL:  www.pldaniels.com/ripmime/ (Links to External Site)
Cause:   Input validation error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents
Date:  Mon, 13 Sep 2004 14:43:06 -0400
Subject:  http://www.uniras.gov.uk/vuls/2004/380375/mime.htm


NISCC reported several vulnerabilities in software that processes Multipurpose 
Internet Mail Extensions (MIME) content.  These vulnerabilities may allow a remote 
user to bypass content filters, cause denial of service conditions, or execute 
arbitrary code on the target system.  The specific impact depends on the affected 
product.

The vulnerabilities were discovered using a test suite produced by Corsaire Ltd.

The vulnerabilities are summarized below.

A remote user can send MIME content containing certain fields that occur multiple 
times and using malformed encapsulation techniques to bypass content filtering 
functions [CVE: CAN-2003-1014].

A remote user can use malformed MIME encapsulation techniques containing 
whitespace in a non-standard manner to bypass content filtering functions [CVE: 
CAN-2003-1015].

A remote user can use malformed MIME encapsulation techniques containing 
quoting in a non-standard manner to bypass content filtering functions [CVE: 
CAN-2003-1016].

A remote user can use MIME encapsulation techniques that use certain standard and 
non-standard Content-Transfer-Encoding mechanisms to bypass content filtering 
functions [CVE: CAN-2004-0051].

A remote user can use malformed MIME encapsulation techniques that use non-standard 
separators (such as a double colon) to bypass content filtering functions [CVE: 
CAN-2004-0052].

A remote user can use malformed MIME encapsulation techniques that use fields encoded 
using the RFC 2047 parameter value character set and language information to bypass 
content filtering functions [CVE: CAN-2004-0053].

A remote user can use malformed MIME encapsulation techniques that include fields 
encoded using the RFC 2231 continuations or parameter value character set and language 
information to bypass content filtering functions [CVE: CAN-2004-0161].

A remote user can use malformed MIME encapsulation techniques that include fields 
containing an RFC 822 comment to bypass content filtering functions [CVE: 
CAN-2004-0162].


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC