CAPEC Details
Name MIME Conversion
Likelyhood of attack Typical severity
High High
Summary An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Prerequisites The target system uses a mail server. Mail server vendor has not released a patch for the MIME conversion routine, the patch itself has a security hole or does not fix the original problem, or the patch has not been applied to the user's system.
Execution Flow
Step Phase Description Techniques
1 Explore Determine whether the mail server is unpatched and is potentially vulnerable to one of the known MIME conversion buffer overflows (e.g. Sendmail 8.8.3 and 8.8.4).
2 Explore Identify places in the system where vulnerable MIME conversion routines may be used.
3 Exploit Send e-mail messages to the target system with specially crafted headers that trigger the buffer overflow and execute the shell code.
Solutions Stay up to date with third party vendor patches From "Exploiting Software", please see reference below. Use the sendmail restricted shell program (smrsh) Use mail.local
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Related CAPECS
CAPEC ID Description
CAPEC-100 Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.