CAPEC-CAPEC-42 - CERT CVE

Naziv	MIME Conversion
Sažetak	An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Preduvjeti	The target system uses a mail server.\|Mail server vendor has not released a patch for the MIME conversion routine, the patch itself has a security hole or does not fix the original problem, or the patch has not been applied to the user's system.
Rješenja	['Stay up to date with third party vendor patches', 'Disable the 7 to 8 bit conversion. This can be done by removing the F=9 flag from all Mailer specifications in the sendmail.cf file. For example, a sendmail.cf file with these changes applied should look similar to (depending on your system and configuration): Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/', '@qrmn, S=10/30, R=20/40, This can be achieved for the "Mlocal" and "Mprog" Mailers by modifying the ".mc" file to include the following lines: define(`LOCAL_MAILER_FLAGS\', and then rebuilding the sendmail.cf file using m4(1). From "Exploiting Software", please see reference below.', 'Use the sendmail restricted shell program (smrsh)', 'Use mail.local']