FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ripMIME -- decoding bug allowing content filter bypass

Affected packages
ripmime < 1.3.2.3

Details

VuXML ID 85e19dff-e606-11d8-9b0a-000347a4fa7d
Discovery 2004-07-30
Entry 2004-08-27

ripMIME may prematurely terminate decoding Base64 encoded messages when it encounters multiple blank lines or other non-standard Base64 constructs. Virus scanning and content filtering tools that use ripMIME may therefore be bypassed.

The ripMIME CHANGELOG file says:

There's viruses going around exploiting the ability to hide the majority of their data in an attachment by using blank lines and other tricks to make scanning systems prematurely terminate their base64 decoding.

[source]

References

Bugtraq ID 10848
URL http://secunia.com/advisories/12201
URL http://www.osvdb.org/8287
URL http://www.pldaniels.com/ripmime/CHANGELOG
URL http://xforce.iss.net/xforce/xfdb/16867

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.