Hi Philip. Thanks. FYI, it was posted, and independently confirmed, on
BugTraq this AM, PST, and Microsoft and NAI notified, (as I understand
it, NAI already has/had a fix-I don't know about any other scanners.)
It had been discussed for about two days-apparently, the problem has
been known for sometime, but since BadTrans.B, (probably,) exploits
the problem, it has moved to the forefront.
John
BTW, you are probably correct. As nearly as I can tell by testing
Win98's Outlook Express, (I don't know about other versions-but the
BugTraq dialog referenced other versions,) a trailing ';' character is
a line-continuation-character in e-mail headers as far as Outlook is
concerned. This may be an issue when using formail(1) from the
procmail suite, and potentially create issues with procmail itself,
which is fairly 822 compliant.
Philip Guenther writes:
According to the standards governing email messages, the message did
*not* contain an attachment. It thereby evaded two mail filters, one in
procmail and one in NAI's WebShield product. That Outlook interpreted
it as an attachment is a security hole in Outlook and someone should
a) confirm it by testing on the specified version of Outlook (or Outlook
Express?), as well as the current (patched) version
b) if it still exists, inform security(_at_)microsoft(_dot_)com
c) request details of under what circumstances the buggy program will
misinterpret messages in this way (this is required so that people
writing filters can extend their protection to unpatched versions
of Outlook)
d) post to bugtraq (possibly after waiting for Microsoft to patch Outlook)
--
John Conover, conover(_at_)rahul(_dot_)net, http://www.johncon.com/
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail