Full Disclosure mailing list archives
Re: DoS attacks on MIME-capable software via complex MIME emails
From: "Kurt Buff" <kurt.buff () gmail com>
Date: Tue, 9 Dec 2008 11:03:50 -0800
On Mon, Dec 8, 2008 at 2:56 PM, Bernhard Brehm <bruhns () recurity-labs com> wrote:
> Valdis.Kletnieks () vt edu said:
> > You want *real* loads of fun? Go read up on message/partial ;)
>
> <snip>
>
> The situation is quite similar to the reason why MTAs like sendmail are no real target for such attacks: No server should try to convert 8bit encoding to 7bit encoding any more. Nobody needs to split a message into several parts for transfer and expects the mail client to reassemble the parts. Not all pieces of MIME-related software really need to understand these rather obscure content-types.

Not exactly true. There might not be any clients which support it currently (don't know, myself) but *my* users are constantly trying to send huge messages that I don't allow for size reasons. Breaking them apart into chunks automatically for automatic reassembly by the recipient would very much appeal to them.

Kurt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/