CAPEC-42: MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow different information formats to be interpreted and sent via e-mail. Attack points exist where data is converted to a MIME-compatible format and back.
Overview
CAPEC-42 (MIME Conversion) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How the attack works
The phases an attacker typically follows to carry out this attack.
- Step 1: Explore
  [Identify target mail server] The adversary identifies a target mail server that they wish to attack.
  - Use Nmap on a system to identify a mail server service.
- Step 2: Explore
  [Determine viability of attack] Determine whether the mail server is unpatched and is potentially vulnerable to one of the known MIME conversion buffer overflows (e.g. Sendmail 8.8.3 and 8.8.4).
- Step 3: Experiment
  [Find injection vector] Identify places in the system where vulnerable MIME conversion routines may be used.
- Step 4: Experiment