| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200307231442.h6NEg63b060194@mailserver2.hushmail.com> From: mrichard91 at hushmail.com (mrichard91@...hmail.com) Subject: Virii that can exploit email server? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 While I'm unaware of any current virus that exhibits this behavior there is a reasonable possibility to create one. This possibility relies upon 1 of 2 conditions existing on the mail server: 1) A message parsing vulnerability such as the recent sendmail vulnerability see http://www.securityfocus.com/bid/6991/discussion/ 2) The server performs some message processing such as virus scanning or spam checking. This could exploit an application used in the processing such as unzip, see http://www.securityfocus.com/bid/7550/discussion/ Since in both exploits the server is infected while processing part of the message it may be possible for the message to still reach a recipient and contain a 2nd virus payload. Of course exploiting #1 and #2 requires targeting a specific email server or package on a specific platform. It would seem that this attack vector leads to the possibility of remotely exploiting virus scanning engines and other tools that are used on mail servers. mrichard >Is anyone aware of a virus, transmitted via email, that is able to >exploit the email server it resides on? > >Eg: > >User A is infected by virus >User A sends email to friend >Virus follows email and is stored on Email Server A >Virus exploits Email Server A, infects other emails, causes world >domination, etc. > >As far as I know this is not possible because the MTA should treat >the virus as data, not code. Have there been any known cases of the >above? I have done some research on Symantec's virii database, asked >around, etc. and haven't heard of anything. > >Thanks, > >Joshua Thomas >Network Operations Engineer >PowerOne Media, Inc. -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj8enrsACgkQr4Naal5vyKezcACfb8O0F14frcb/2/z74/YPbTdWP40A oIqpNNwDhaCSjREWGrQ6FllilIuN =K6cw -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
Powered by blists - more mailing lists