Can it be confirmed that the MIME checking option in the SMTP proxy covers this Advisory?
[ QUOTE ]
What is Affected?
The vulnerabilities described in this advisory potentially affect Multipurpose Internet Mail Extensions (MIME) implementations complying with the Internet Engineering Task Force’s (IETF’s) Requests For Comments (RFCs) 2045 to 2049 inclusive. MIME is a standard for encoding attachments to emails that has been extended as new attachments types have become available. MIME is also used as an encoding method for transfer of files in the world wide web content transfer protocol HTTP. The standards define a range of fields that control how data is encoded within the transport, and how it should be interpreted by the receiving agent. RFC 2047 defines "techniques to allow the encoding of non-ASCII text in various portions of a RFC 822 message header, in a manner which is unlikely to confuse existing message handling software".
There are several types of software product that need to be able to parse MIME, and all of these are potentially affected by the vulnerabilities identified. These are:
Email clients
Web browsers
Anti-virus products
Mail content checkers
Web content checkers
Please see http://www.uniras.gov.uk/vuls/2004/380375/mime.htm for further information.
[/ QUOTE ]
This thread was automatically locked due to age.