From mboxrd@z Thu Jan 1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/15765
Path: main.gmane.org!not-for-mail
From: SL Baur
Newsgroups: gmane.emacs.gnus.general
Subject: Re: [Brent Welch ] MIME attack on Microsoft and Netscape mail readers
Date: 29 Jul 1998 17:35:59 -0700
Sender: owner-ding@hpc.uh.edu
Message-ID:
References:
NNTP-Posting-Host: coloc-standby.netfonds.no
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
X-Trace: main.gmane.org 1035154745 23930 80.91.224.250 (20 Oct 2002 22:59:05 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Sun, 20 Oct 2002 22:59:05 +0000 (UTC)
Return-Path:
Original-Received: from gwyn.tux.org (gwyn.tux.org [207.96.122.8]) by altair.xemacs.org (8.9.1/8.9.1) with ESMTP id RAA13685 for ; Wed, 29 Jul 1998 17:39:34 -0700
Original-Received: from gizmo.hpc.uh.edu (gizmo.hpc.uh.edu [129.7.102.31]) by gwyn.tux.org (8.8.8/8.8.8) with ESMTP id UAA08568 for ; Wed, 29 Jul 1998 20:35:25 -0400
Original-Received: from sina.hpc.uh.edu (sina.hpc.uh.edu [129.7.3.5]) by gizmo.hpc.uh.edu (8.7.6/8.7.3) with ESMTP id TAT10757; Wed, 29 Jul 1998 19:06:37 -0500
Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Wed, 29 Jul 1998 19:32:07 -0500 (CDT)
Original-Received: from sclp3.sclp.com (root@sclp3.sclp.com [209.195.19.139]) by sina.hpc.uh.edu (8.7.3/8.7.3) with ESMTP id TAA13323 for ; Wed, 29 Jul 1998 19:31:58 -0500 (CDT)
Original-Received: from altair.xemacs.org (steve@xemacs.miranova.com [206.190.83.19]) by sclp3.sclp.com (8.8.5/8.8.5) with ESMTP id UAA29544 for ; Wed, 29 Jul 1998 20:31:54 -0400 (EDT)
Original-Received: (from steve@localhost) by altair.xemacs.org (8.9.1/8.9.1) id RAA13629; Wed, 29 Jul 1998 17:36:00 -0700
Mail-Copies-To: never
Original-To: ding@gnus.org

writes in ding@gnus.org:

> Hi,

> Does anyone have any thoughts on this and its possible interaction
> with Gnus and TM?

Brent Welch writes:
>> "Recent news articles about security flaws in Microsoft and Netscape mail
>> readers concern an attack on MIME handling.

>> Exmh implements MIME handling in Tcl code that is unaffected by
>> buffer overflow type attacks.  There are no fixed sized buffers
>> in the implementation of Tcl itself, so it is not possible to
>> trick Exmh into executing arbitrary code by sending it
>> MIME attachments with extremely long file names."

XEmacs 20.2 and 19.16 are vulnerable to stack overrun if
`directory-files' is passed an over-long name.  I see one usage of
`directory-files' in tmh-comp.el, but it is used with data typed in by
a user instead of data extracted from a mail message.  This bug is
fixed in XEmacs 20.3 and 20.4.

Personally, I'm a lot more worried about specially constructed images
displayed in-line.  The XEmacs image code has never been paranoid
enough to satisfy my tastes, though it's better in the current sources.
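
The fixed-size-buffer problem discussed in the message above, shown as an added C example that is not part of the original post and is not XEmacs, Exmh or Tcl code. The helper name `build_attachment_path` and the 256-byte buffer size are assumptions made for illustration; the unbounded form appears only as a comment, beside a bounded form that rejects an over-long name instead of truncating it.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 256   /* assumed fixed buffer size, for illustration only */

/*
 * Unbounded form that overruns a fixed stack buffer when `name` is long:
 *
 *     char buf[PATH_BUF];
 *     strcpy(buf, dir); strcat(buf, "/"); strcat(buf, name);
 *
 * Bounded form (hypothetical helper): join `dir` and an untrusted file
 * name into `out`. Returns 0 on success, -1 if the arguments are invalid
 * or the result does not fit. On failure `out` is left as an empty string
 * so a truncated path is never used by mistake.
 */
int build_attachment_path(char *out, size_t outlen,
                          const char *dir, const char *name)
{
    int n;

    if (out == NULL || outlen == 0 || dir == NULL || name == NULL)
        return -1;
    if (name[0] == '\0') {
        out[0] = '\0';
        return -1;
    }
    /* snprintf writes at most outlen bytes (including the NUL) and
       returns the length the full string would have needed. */
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* did not fit: reject, do not truncate */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[PATH_BUF];
    char longname[4096];        /* constructed over-long attachment name */

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("normal name: %d\n",
           build_attachment_path(buf, sizeof buf, "/tmp/mime", "report.txt"));
    printf("over-long name: %d\n",
           build_attachment_path(buf, sizeof buf, "/tmp/mime", longname));
    return 0;
}
```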