Message-ID: <0I9900A4MAULO6C0@i_mtaout2.012.net.il>
From: avivra at 012.net.il (Aviv Raff)
Subject: Internet Explorer FTP client can be used to send mail

Isn't Konqueror a "free software"? 
So, where's the "attached patch"? 

Also confirmed on IE6.0.2900.2180 (XPSP2).

Spammers do not have to use images...
In addition to the IMG tag, this also applies to:
1) SRC attribute of SCRIPT, XML, INPUT (only when type=image), IFRAME,
FRAME, BGSOUND and EMBED tags. IFRAME and FRAME tags will show an error
message.
2) HREF attribute of LINK tag, but only when REL="stylesheet".
3) BACKGROUND attribute of TABLE, TH and TD tags, and with CSS -
"background:url(ftp://...)."
4) DYNSRC attribute of IMG tag.
 
-- Aviv Raff
From "Zen and the Art of Why Linux Sucks": "Ahh.. Can you feel the smell of
the 'open source' zealots in the morning?".
 
-----Original Message-----
From: full-disclosure-bounces@...ts.netsys.com
[mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf Of Ian Gulliver
Sent: Friday, December 24, 2004 4:25 PM
To: full-disclosure@...ts.netsys.com
Cc: bruns@...it.com
Subject: Re: [Full-Disclosure] Internet Explorer FTP client can be used to send mail

> Product: Microsoft Internet Explorer
> Version: 6.0.2800.1106, 6.0.2900
> 
> Product: Microsoft Outlook Express
> Version: 6 SP1 Win2K (reported by Brian Bruns)
> 
> Description:
> Internet Explorer can be tricked into sending mail through its FTP client
> without any more user interaction than loading a page.
> 
> Details:
> Internet Explorer will accept %0a and %0d in URLs.  In FTP URLs, it will
> accept them in the username part of the URL.  Due to the similarity between
> the FTP and SMTP protocols, this can be used to send mail.
> 
> Danger:
> Spammers could host websites that contain images causing website visitors
> to spam more people.  There are probably other protocols that the FTP client
> could be used to maliciously access.
> 
> Example:
> http://dsbl.org/testingground/IE-FTP-SMTP-link/
> 
> Fix:
> Connections to port 25 should be blocked (ala lynx) and newline
> characters, post-decoding, shouldn't be accepted in places where they
> represent protocol delimiters.
> 
> Vendor notification:
> None; patch would be attached if this was free software.

Emanuele Balla reports that Konqueror 3.2 is also vulnerable.

--
Ian Gulliver
Penguin Hosting
"Failure is not an option; it comes bundled with your Microsoft products."

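The fix proposed in the quoted advisory (block port 25, and reject newline characters after percent-decoding wherever they act as protocol delimiters), written out as an added example that is not part of either post or of any browser's code. The function name `check_ftp_url`, the list of checked fields and the placeholder hosts are assumptions made for this example.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# Assumption: the set of refused ports. The advisory names only port 25 (SMTP).
BLOCKED_PORTS = {25}
FTP_DEFAULT_PORT = 21


def check_ftp_url(url):
    """Return the reasons to refuse an ftp:// URL; an empty list means accept."""
    problems = []
    # urlsplit() may silently drop raw tab/CR/LF, so test the original string.
    if any(ch in url for ch in "\r\n"):
        problems.append("raw CR/LF in URL")
    try:
        parts = urlsplit(url)
        port = parts.port or FTP_DEFAULT_PORT  # .port raises on a bad port
    except ValueError as exc:
        return problems + ["unparsable URL: %s" % exc]
    if parts.scheme != "ftp":
        return problems + ["not an ftp URL"]
    if port in BLOCKED_PORTS:
        problems.append("port %d is blocked" % port)
    # Each of these fields ends up on its own FTP command line (USER, PASS,
    # CWD/RETR), where CR LF terminates the command. Decode first, then check.
    fields = {
        "username": parts.username,
        "password": parts.password,
        "path": parts.path,
    }
    for name, raw in fields.items():
        decoded = unquote_to_bytes(raw or "")
        if b"\r" in decoded or b"\n" in decoded:
            problems.append("CR/LF in decoded %s" % name)
    return problems


if __name__ == "__main__":
    # Constructed sample URLs; the hosts are placeholders.
    for sample in (
        "ftp://anonymous@ftp.example/pub/readme.txt",
        "ftp://a%0d%0ab@mail.example:25/x",
    ):
        print(sample, "->", check_ftp_url(sample) or "accept")
```

The check runs on the decoded bytes because the encoded form (`%0d%0a`) contains no newline at all; a filter applied before decoding would pass it.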