Bug#: 64037
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matthias Geerdsen <vorlon@gentoo.org>
Description:   Opened: 2004-09-14 12:27 0000
Confirmation can be found at http://www.uniras.gov.uk/vuls/2004/380375/mime.htm

From SecurityTracker (http://securitytracker.com/alerts/2004/Sep/1011237.html):

CVE Reference: CAN-2003-1014, CAN-2004-0052, CAN-2004-0161, CAN-2004-0162
Impact: Not specified
Fix Available: Yes   Vendor Confirmed: Yes
Version(s): prior to 1.4.0.0
Description:  A vulnerability was reported in ripMIME in the processing of Multipurpose Internet Mail Extensions (MIME) content. Certain content may not be processed properly, resulting in potential security issues in applications that use ripMIME.

NISCC reported several vulnerabilities in software that processes Multipurpose Internet Mail Extensions (MIME) content. These vulnerabilities may allow a remote user to bypass content filters, cause denial of service conditions, or execute arbitrary code on the target system. The specific impact depends on the affected product.

The vulnerabilities were discovered using a test suite produced by Corsaire Ltd.

ripMIME does not correctly decode multiple filename/content entry, missing separator, header comments, empty boundary, and RFC2231 encoded filenames, according to reports.

A remote user can send MIME content containing certain fields that occur multiple times and using malformed encapsulation techniques to bypass content filtering functions [CVE: CAN-2003-1014].

A remote user can use malformed MIME encapsulation techniques that use non-standard separators (such as a double colon) to bypass content filtering functions [CVE: CAN-2004-0052].

A remote user can use malformed MIME encapsulation techniques that include fields encoded using the RFC 2231 continuations or parameter value character set and language information to bypass content filtering functions [CVE: CAN-2004-0161].

A remote user can use malformed MIME encapsulation techniques that include fields containing an RFC 822 comment to bypass content filtering functions [CVE: CAN-2004-0162].
Impact:  An application using ripMIME may not properly analyze MIME-based content. The specific impact depends on the application using ripMIME.
Solution:  The vendor has released a fixed version (1.4.0.0), available at:

http://www.pldaniels.com/ripmime/downloads.php
Vendor URL: www.pldaniels.com/ripmime/
Cause:  Input validation error

------- Comment #1 From Sune Kloppenborg Jeppesen 2004-09-15 02:42:46 0000 -------
From http://www.uniras.gov.uk/vuls/2004/380375/mime.htm

ripMIME

Source: 

Paul L Daniels, Owner/Director of PLDaniels (Software) - Australia

Subject: ripMIME conformance testing with the NISCC MIME exploit kit

Content:

Versions of ripMIME prior to 1.4.0.0 were found to lack the ability to correctly decode multiple filename/content entry, missing separator, header comments, empty boundary and RFC2231 encoded filenames.

ripMIME now correctly handles these exploitable items by providing in the case of ambiguous readings, all possibilities (i.e., for multiple filenames, ripMIME will create a file with each listed filename).

We would like to take this opportunity to commend the NISCC team on their highly professional conduct and realistic time schedules.
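A defender-side illustration of the header ambiguities the advisory and the vendor note above describe, added here and not part of the bug report or of ripMIME's own code: a small Content-Disposition parameter parser that strips RFC 822 comments, decodes RFC 2231 continuations and charset prefixes, and returns every filename a lenient decoder could derive, so that a content filter can evaluate all of them rather than only the first. The sample header and the function names are constructed for this example.

```python
import re
import urllib.parse

# Constructed sample header (not from the bug report): an RFC 822 comment, a plain
# filename= parameter and an RFC 2231 continuation with a charset prefix.
SAMPLE_HEADER = ('attachment; (a comment) filename="report.txt"; '
                 "filename*0*=utf-8''inv; filename*1*=oice.exe")

def strip_rfc822_comments(value: str) -> str:
    """Drop (nested) RFC 822 comments outside quoted strings; keep quoted text."""
    out, depth, quoted, i = [], 0, False, 0
    while i < len(value):
        ch = value[i]
        if quoted and ch == "\\":                 # escaped pair inside a quoted string
            out.append(value[i:i + 2]); i += 2; continue
        if ch == '"' and depth == 0:
            quoted = not quoted
        if quoted or (depth == 0 and ch not in "()"):
            out.append(ch)
        elif ch in "()":                          # comment opens/closes, may nest
            depth = max(0, depth + (1 if ch == "(" else -1))
        i += 1
    return "".join(out)

# name, optional *N continuation index, optional trailing * (RFC 2231 encoded), value
PARAM_RE = re.compile(r'([\w-]+)(?:\*(\d+))?(\*)?\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)')

def candidate_filenames(header: str) -> list:
    """Every filename a lenient decoder could derive from a Content-Disposition value.
    A filter that checks only the first one is bypassed; check all, as fixed ripMIME does."""
    plain, sections, charset = [], {}, "utf-8"
    for name, idx, ext, raw in PARAM_RE.findall(strip_rfc822_comments(header)):
        if name.lower() != "filename":
            continue
        val = raw.strip()
        if val.startswith('"'):                   # unescape a quoted-string value
            val = re.sub(r"\\(.)", r"\1", val[1:-1])
        if ext:                                   # RFC 2231: [charset'lang']%-encoded
            if idx in ("", "0") and val.count("'") >= 2:
                charset, _, val = val.split("'", 2)
            val = urllib.parse.unquote(val, encoding=charset or "utf-8", errors="replace")
        if idx == "":
            plain.append(val)
        else:
            sections[int(idx)] = val
    if sections:                                  # reassemble continuation pieces in order
        plain.append("".join(sections[i] for i in sorted(sections)))
    return plain
```

For the constructed header the parser yields both "report.txt" and the reassembled "invoice.exe"; a filter that stopped at the first name would never see the second.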

------- Comment #2 From Matthias Geerdsen 2004-09-15 02:48:26 0000 -------
vapier, since gregf seems to be gone and you committed the last changes... can
you look into/bump this?

------- Comment #3 From Matthias Geerdsen 2004-09-20 03:11:13 0000 -------
Bass, can you have a look at this when you are back home later today? You have
committed changes to ripmime before and this just seems to need a simple bump.

(Let this be the mail I was supposed to write you ;-)

------- Comment #4 From SpanKY 2004-09-20 05:21:01 0000 -------
1.4.0.0 is now in portage

need x86/sparc/ppc stable

------- Comment #5 From Matthias Geerdsen 2004-09-20 05:31:42 0000 -------
thx vapier :)

current KEYWORDS="~x86 ~ppc ~sparc"
target KEYWORDS="x86 ppc sparc"


security, any votes on GLSA or no GLSA?
This is marked B4 and according to SecurityTracker the only impact is bypassing of content filtering functions. There was no GLSA for bug #59341 either btw.

------- Comment #6 From Jochen Maes (RETIRED) 2004-09-20 05:48:10 0000 -------
stable on ppc

------- Comment #7 From Gustavo Zacarias (RETIRED) 2004-09-20 06:40:20 0000 -------
Sparc stable.

------- Comment #8 From SpanKY 2004-09-20 21:22:42 0000 -------
ready for GLSA

------- Comment #9 From Matthias Geerdsen 2004-09-21 01:42:59 0000 -------
security... please vote on a GLSA (see comment #5)

Personally I don't think that one is needed.

------- Comment #10 From Sune Kloppenborg Jeppesen 2004-09-21 10:15:47 0000 -------
I vote for no GLSA.

------- Comment #11 From Andrej Kacian (RETIRED) 2004-09-21 11:49:09 0000 -------
*** Bug 64161 has been marked as a duplicate of this bug. ***

------- Comment #12 From Thierry Carrez (RETIRED) 2004-09-21 13:58:02 0000 -------
Agreed. Closing with no GLSA
