Message-ID: <1109378733.5975.56.camel@localhost.localdomain>
From: khermansen at ht-technology.com (Kristian Hermansen)
Subject: Novell/Ximian Evolution multiple text attachments DoS

==================
=====Analysis=====
==================
I just wanted to inform users of Ximian Evolution 2.0 software that
there exists a way to temporarily DoS the local application and/or
machine by attaching an absurd amount of .ezm files to a normal email.
It seems that Evolution tries to interpret all these attachments and
will actually display them if it determines they are text.  The problem
comes when Evolution is sent an email with say, greater than 1000 .ezm
attachments, and the application tries to unroll them all before
allowing you to do anything else within the application.  These .ezm
files are usually created by the EZ Mailing List Manager software, but
one may custom design their own to execute the DoS attack.  There seem
to be other attachment types that can be used as well, as long as
Evolution tries to unroll them for view in the message window.

==================
===Implications===
==================
The attack is not sophisticated and Evolution will eventually interpret
all of the attachments -- but until that time (very long), it would
appear to the user that the application has crashed and is unresponsive.
A future attack method that exploits flaws in the attachment renderer
could be combined with this DoS attack to confuse the user while running
some malicious script in the background.

==================
=====Affected=====
==================
Tested on Evolution <=2.0.2
Note: higher versions may still be affected

==================
=====Solution=====
==================
Unknown for now.  Will check out CVS, and if time, issue patch.
-- 
Kristian Hermansen <khermansen@...technology.com>
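
A gateway-side check for the condition described in this post, as an added example that is not part of the original message or of Evolution's code: it counts leaf MIME parts and text parts before delivery and flags messages over a limit. The function name, the limits and the sample message are assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy

# Assumed limits (the post only reports trouble above roughly 1000
# attachments); tune them for your own mail flow.
MAX_PARTS = 200
MAX_TEXT_PARTS = 50

def audit_message(raw, max_parts=MAX_PARTS, max_text_parts=MAX_TEXT_PARTS):
    """Count leaf MIME parts and text parts; say whether to hold the message."""
    msg = message_from_bytes(raw, policy=policy.default)
    total = text_parts = 0
    extensions = {}
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers are not rendered themselves
        total += 1
        # Parts without a Content-Type default to text/plain (RFC 2045).
        if part.get_content_maintype() == "text":
            text_parts += 1
        name = part.get_filename()
        if name:
            ext = os.path.splitext(name)[1].lower()
            extensions[ext] = extensions.get(ext, 0) + 1
    reasons = []
    if total > max_parts:
        reasons.append(f"{total} MIME parts exceeds limit {max_parts}")
    if text_parts > max_text_parts:
        reasons.append(f"{text_parts} text parts exceeds limit {max_text_parts}")
    return {"total": total, "text_parts": text_parts, "extensions": extensions,
            "quarantine": bool(reasons), "reasons": reasons}

# Constructed sample message (not real traffic): a body plus two .ezm parts.
SAMPLE = (
    b"From: a@example.org\r\nTo: b@example.org\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
    b"--XX\r\nContent-Type: text/plain\r\n\r\nbody\r\n"
    b"--XX\r\nContent-Type: text/plain\r\n"
    b'Content-Disposition: attachment; filename="a.ezm"\r\n\r\nx\r\n'
    b"--XX\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="b.ezm"\r\n\r\ny\r\n'
    b"--XX--\r\n"
)

if __name__ == "__main__":
    print(audit_message(SAMPLE))                                # within limits
    print(audit_message(SAMPLE, max_parts=2, max_text_parts=1)) # held
```

The total-parts limit matters as well as the text limit, since the post notes that Evolution itself decides whether an attachment is text, so a declared non-text type does not guarantee the part will not be unrolled.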