
Re: Dangers of discarding duplicated messages

2005-02-18 07:15:55
On Fri, Feb 18, 2005 at 12:29:34AM +0100, Ruud H.G. van Tol wrote:
From bugtraq:

<quote>

Some people use programs as part of their email delivery that
automatically discard duplicate messages (e.g. sent to two mailing
lists the receiver is both subscribed to) based on their Message-ID.

Currently, someone on linux-kernel automatically sends an email to
everyone who sent an email to linux-kernel with the same Message-ID as
the original email. If this email is faster than the original email
(which happens quite often in this example), a program that
automatically discards duplicate emails based on the message ID discards
the original email.

But even more severe attacks are thinkable:

If you can guess the message ID (since many MUAs have predictable
message IDs), an attacker C could use this to suppress a message from
person A to person B by sending an email with the message ID to person B
before person B gets the email from person A.

An example:

If person A uses a MUA that encodes only the current time in seconds
plus a constant string (e.g. the hostname) in the Message-ID and
person B uses a spam filter after the discarding of the duplicate
messages, attacker C could suppress any message person A would send to
person B between 10 and 11 o'clock today by sending 3600 obvious [1]
spam emails with all possible message IDs before 10 o'clock. Since the
spam filter has caught the malicious emails it's quite possible that
person B will not notice the 3600 emails.

It seems to be required that programs that automatically discard
duplicate messages have to use a checksum over the body and part of the
header of the emails instead of relying on the message ID.

cu
Adrian

The conclusion in the final paragraph, I find not to be entirely useful.
Duplicate messages rarely are absolutely identical in terms of
perfectly matching headers.  Even the body can differ, in that
list identifiers are often added to the bottom, and so on.

I understand the danger being described.  But I think it is
just another example of a solution looking for a problem.  We
can think of innumerable theoretical problems.  They become
actual problems when someone actually takes advantage of them.

-- 
dman

____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
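
An added example, not part of the thread and not procmail's own code: a duplicate filter that still looks messages up by Message-ID but discards only when a digest over sender-set headers and the body also matches, so a same-ID message with different content is delivered and flagged instead of suppressing the original. The header selection, class and function names, and the sample messages are assumptions constructed for illustration.

```python
import hashlib
from email import message_from_string

# Assumption: these headers are set by the sender and normally unchanged in
# transit, unlike Received: or headers added by list software.
STABLE_HEADERS = ("From", "Date", "Subject")

def content_key(raw):
    """Return (Message-ID, SHA-256 over the stable headers and the body)."""
    msg = message_from_string(raw)
    h = hashlib.sha256()
    for name in STABLE_HEADERS:
        h.update(" ".join((msg.get(name) or "").split()).encode() + b"\n")
    body = msg.get_payload()
    if not isinstance(body, str):          # multipart: hash the serialized parts
        body = "".join(p.as_string() for p in body)
    h.update("\n".join(ln.rstrip() for ln in body.strip().splitlines()).encode())
    return (msg.get("Message-ID") or "").strip(), h.hexdigest()

class DuplicateFilter:
    def __init__(self):
        self.seen = {}   # Message-ID -> set of content digests already delivered

    def check(self, raw):
        """Return 'deliver', 'duplicate', or 'id-collision' (deliver and flag)."""
        mid, digest = content_key(raw)
        if not mid:
            return "deliver"               # nothing to key on, so never discard
        digests = self.seen.setdefault(mid, set())
        if digest in digests:
            return "duplicate"             # same ID and same content: safe to drop
        verdict = "id-collision" if digests else "deliver"
        digests.add(digest)
        return verdict

# Constructed sample messages (addresses, hosts and the Message-ID are made up).
def _mail(sender, body, received):
    return (f"Received: from {received}\nFrom: {sender}\n"
            f"Date: Fri, 18 Feb 2005 10:00:00 +0100\nSubject: patch review\n"
            f"Message-ID: <1108717200@host-a.example>\n\n{body}\n")

FORGED = _mail("c@other.example", "buy now", "relay3.example")
ORIGINAL = _mail("a@host-a.example", "Please review the patch.", "relay1.example")
SECOND_COPY = _mail("a@host-a.example", "Please review the patch.", "relay2.example")
LIST_COPY = _mail("a@host-a.example", "Please review the patch.\n--\nlist footer",
                  "list.example")
```

A copy whose body gained a list footer (LIST_COPY) is delivered and flagged rather than dropped, so the filter errs toward an extra copy instead of a lost message.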
