* This is the vopmailbeta mailing list *
The problem described with the period in the header has nothing to do with Outlook. Other clients will hang also. The problem is that a single period only belongs at the end of the message and there should never be one in the header. We beat this silly months ago in the Modus list and once I could reproduce the problem at will Vircom was able to release a patch. We have not had a single message hang in the many months that we have been patched. Prior to the patch we had messages getting stuck every day, it was driving my support staff insane. One person quit because of it. John -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Customer Support Sent: Wednesday, December 18, 2002 10:02 AM To: [EMAIL PROTECTED] Subject: [VOPmail Beta] disappointment * This is the vopmailbeta mailing list * I'm reposting information that was sent to us a couple of weeks ago by Ronnie Franklin. Microsoft acknowledged there's a problem in the way that Outlook 2002 processes headers and created a patch: -----Original Message----- From: Microsoft [mailto:[EMAIL PROTECTED] osoft.com] Sent: Wednesday, December 04, 2002 9:49 PM Subject: Microsoft Security Bulletin MS02-067: E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail (331866) -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail (331866) Date: 04 December 2002 Software: Microsoft Outlook 2002 Impact: Denial of Service Max Risk: Moderate Bulletin: MS02-067 Microsoft encourages customers to review the Security Bulletins at: http://www.microsoft.com/technet/security/bulletin/MS02-067.asp http://www.microsoft.com/security/security_bulletins/MS02-067.asp - ---------------------------------------------------------------------- Issue: ====== Microsoft Outlook provides users with the ability to work with e-mail, contacts, tasks, and appointments. Outlook e-mail handling includes receiving, displaying, creating, editing, sending, and organizing e-mail messages. When working with received e-mail messages, Outlook processes information contained in the header of the e-mail which carries information about where the e-mail came from, its destination, and attributes of the message. A vulnerability exists in Outlook 2002 in its processing of e-mail header information. An attacker who successfully exploited the vulnerability could send a specially malformed e-mail to a user of Outlook 2002 that would cause the Outlook client to fail under certain circumstances. The Outlook 2002 client would continue to fail so long as the specially malformed e-mail message remained on the e-mail server. The e-mail message could be deleted by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express, after which point the Outlook 2002 client would again function normally. Mitigating Factors: ==================== - Outlook 2002 clients connecting to e-mail servers using the MAPI protocol are not affected. Only Outlook 2002 clients using POP3, IMAP, or WebDAV protocols are vulnerable. - The vulnerability does not affect Outlook 2000 or Outlook Express. - The vulnerability is a denial of service vulnerability only. The attacker would not be able to access the user?s e-mail or system in any way. The vulnerability could not be used to read, delete, create, or alter the user?s e-mail. - If an attacker was able to send a specially malformed e-mail that successfully exploited this vulnerability, the specially malformed e-mail could be deleted either by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express. Once the specially malformed e-mail has been removed, normal operation would resume. Risk Rating: ============ - Moderate Patch Availability: =================== - A patch is available to fix this vulnerability. Please read the Security Bulletin at http://www.microsoft.com/technet/security/bulletin/ms02-067.asp for information on obtaining this patch. Acknowledgment: =============== - Richard Lawley Margot MacNutt Vircom Technical Support Phone: (514) 845-8474 Email: [EMAIL PROTECTED] ----- Original Message ----- From: "Phil Hart" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 18, 2002 9:57 AM Subject: [VOPmail Beta] disappointment > * This is the vopmailbeta mailing list * > > > I just want to say this. I had a customer who couldn't get an email. > Check the msg file and it has a bad header, it has only part of a > header, and a ending . on a line by itself in the middle of the header. > Removed this message from their inbox and they can get mail fine. > I put the same message in my inbox and checked it. My client received > all my emails fine, didn't stop on the bad message, but never even > showed the bad message. All messages were removed from my inbox > directory, so I know it got it. I'm using Outlook 2002. > > I guess my point is it also has a lot to do with the client. I'd like > to do more testing with different clients, and I don't know what client > the original customer had. > > You may also be interested in this > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur > ity/bulletin/MS02-067.asp > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Administrator > Sent: Wednesday, December 18, 2002 6:18 AM > To: [EMAIL PROTECTED] > Subject: [VOPmail Beta] disappointment > > * This is the vopmailbeta mailing list * > > > firstly let me apologies if there has been a fix to this problem but I > don't > believe there has been > Sure I have an older version of vopmail, my understanding is that it has > not > been fixed in the new versions > > I have just lost another customer due to mail getting stuck and not > being > able to be retrieved > due to malformed headers spam whatever > > please advise if there has been a fix or when we can expect one > > > regards > > Tim > > > ** > To leave this list, send an email to [EMAIL PROTECTED] > and put the word "LEAVE" in the BODY of the email. > > > ** > To leave this list, send an email to [EMAIL PROTECTED] > and put the word "LEAVE" in the BODY of the email. > ** To leave this list, send an email to [EMAIL PROTECTED] and put the word "LEAVE" in the BODY of the email. ** To leave this list, send an email to [EMAIL PROTECTED] and put the word "LEAVE" in the BODY of the email.
