Hello noniq, 


n> 1. When forwarding a message with an attachment, this header isn't
n> stripped. This fact allows the recipient of the forward to learn the
n> physical location of the user's incoming files. This can be very
n> useful for an attack like the one in "Georgi Guninski security
n> advisory #8, 2000" ;-) because you can send any file to the user and
n> you will know where this file will be located.

This problem will be eliminated in the upcoming release. But - hey, do
you forward messages to unknown people without even looking at whether
they contain files? Of course, there are many people who are ignorant
enough to open attachments from unknown sources, but how many people
would forward a message to an unknown person?


n> 2. "The Bat!" doesn't check whether the headers of an incoming message
n> contain this header (and this is even more dangerous). An intruder can
n> spoof this header, for example by specifying
n>     X-BAT-FILES: C:\WINDOWS\user.dat
n> in the message headers. In this case user.dat will appear as a message
n> attachment! If the recipient forwards this message, user.dat will be
n> attached to the forward. If the recipient deletes this message and the
n> option "Delete attached file then message deleted from trash folder"
n> is checked, C:\WINDOWS\user.dat will be deleted.

This simply is not true. The Bat! cannot delete a file located outside
the attachment directory. I would delete half of my files otherwise
:-) Moreover, I have a creeping suspicion that the option to delete
attached files when the containing messages are deleted from Trash is
ignored - if so, it will be fixed, I promise :-)




Sincerely,
 Stefan         

...Klingon error: Strike any other user to continue. 

-- 
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
   <mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
   <mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------
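The check Stefan describes, that the client must refuse to act on any path from an X-BAT-FILES header that lies outside the attachment directory, as an added Python example that is not part of this message or of The Bat!'s own code. It assumes an attachment directory of C:\Program Files\The Bat!\MAIL\Attach (the real location depends on the installation), models Windows path semantics with the ntpath module so it runs on any platform, and the two sample messages are constructed for the example.

```python
import email
import ntpath
from email import policy

# Assumed attachment directory for the example; the real one depends on the
# installation and is not stated in the thread.
ATTACH_DIR = r"C:\Program Files\The Bat!\MAIL\Attach"


def is_inside(path, directory):
    """True if `path` lies strictly below `directory` (Windows semantics).

    Both sides are normalized (collapses '..', converts '/' to '\\') and
    case-folded before the prefix test, so mixed separators, '..' segments
    and upper/lower case cannot be used to slip outside `directory`.
    """
    d = ntpath.normcase(ntpath.normpath(directory)).rstrip("\\") + "\\"
    p = ntpath.normcase(ntpath.normpath(path))
    return p.startswith(d)


def resolve_attachment(header_value, attach_dir=ATTACH_DIR):
    """Resolve an X-BAT-FILES value the way a safe client should.

    A bare file name (or a relative path that stays below the attachment
    directory) is accepted and returned as a full path.  An absolute path,
    a rooted path such as '\\WINDOWS\\user.dat', or a '..' escape is rejected
    by returning None, so a spoofed header can never name a file that the
    client will display, forward or delete.
    """
    value = header_value.strip().strip('"')
    if not value:
        return None
    # ntpath.join discards attach_dir when `value` is absolute or rooted, which
    # is exactly the case the containment check below must catch.
    candidate = ntpath.normpath(ntpath.join(attach_dir, value))
    return candidate if is_inside(candidate, attach_dir) else None


def attachment_paths(raw_message, attach_dir=ATTACH_DIR):
    """Parse a message and classify every X-BAT-FILES header it carries.

    Returns a list of (header value, resolved path or None) pairs.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    return [(str(v), resolve_attachment(str(v), attach_dir))
            for v in msg.get_all("X-BAT-FILES", [])]


# Constructed sample messages (not real traffic): one carrying a legitimate
# attachment record, one carrying spoofed headers in the style of the thread.
LEGIT = (
    "From: alice@example.com\r\n"
    "To: bob@example.com\r\n"
    "Subject: report\r\n"
    "X-BAT-FILES: report.doc\r\n"
    "\r\n"
    "see attached\r\n"
)
SPOOFED = (
    "From: mallory@example.com\r\n"
    "To: bob@example.com\r\n"
    "Subject: hi\r\n"
    "X-BAT-FILES: C:\\WINDOWS\\user.dat\r\n"
    "X-BAT-FILES: ..\\..\\..\\WINDOWS\\user.dat\r\n"
    "X-BAT-FILES: /Program Files/The Bat!/MAIL/Attach/../../../../WINDOWS/user.dat\r\n"
    "\r\n"
    "nothing to see\r\n"
)

if __name__ == "__main__":
    for raw in (LEGIT, SPOOFED):
        for value, resolved in attachment_paths(raw):
            print(f"{value!r:70} -> {resolved or 'REJECTED'}")
```

The weak behaviour in point 2 of the quoted report is simply using the header value as a file path. The hardened version above joins it to the attachment directory, normalizes, and then does a case-folded prefix test, which is what makes "cannot delete a file located outside the attachment directory" hold for every spelling of the same path. It is a check on the path string only: it does not resolve junctions or symbolic links inside the attachment directory, which would require resolving against the real filesystem.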
