Bugtraq mailing list archives
Re: Microsoft Outlook (Express) bug..
From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Fri, 9 Jun 2000 21:57:16 -0700
Summary of messages in this thread.

Steve Wolfe <steve () iboats com>:

I tried to recreate this on our mail server, and Outlook didn't complain at all. Here's the config:

  mail server: qmail
  POP server: qmail-pop3d
  message delivery format: qmail's "Maildir" format
  MUA: Outlook Express 5.0

So... it sounds like the discrepancy could be from the version of Outlook, or even (possibly) from the POP/IMAP server. Interesting...

Travis Ogdon <togdon () easystreet com>:

This is also true for all messages with the following invalid headers:

  Return-Path: <>
  From: <>

Whenever we see SPAM like this coming in we must actually remove it from our users' mailboxes in order for them to check their mail. I believe that the bug exists in Outlook97 as well, and may actually be fixed in more recent versions of Outlook Express. Outlook97 always seems to be our biggest problem.

Matthew J. Brown <mb () skypoint com>:

I just tried it on Outlook 97 8.02.4212, and it actually crashed Outlook. I'm going to assume that the customers who are having trouble with this are using a version in that same era.

Tillman <tillman () hodgsonhouse com>:

I was unable to confirm this vulnerability. The version of Outlook Express tested was 5.002314.1300. Bringing up the properties for the email in Outlook Express confirmed that it saw a blank bcc: and reply-to: line. It was, however, able to successfully receive email after having received this email.

Nick FitzGerald <nick () virus-l demon co uk>:

I tried it here against a Win32 POP3 server on the local test network and Outlook 98 (8.5.5104.6 according to Help/About) and OE 5.0 (5.00.2314.1300). Both mail clients happily snarfed all messages with blank Reply-to: and/or BCC: headers.

Vyacheslav O. Myskin <mvo () sinor ru>:

Everything works fine with this message. Outlook Express 4.72.3612.1700, Windows 98, Cyrus IMAP/pop3 1.5.19.

Andreas Lund <floyd () atc no>:

When something is unbelievable, it's usually because one has missed something. Lots and lots of auto-generated email from web-based services etc. leave these fields blank, and in my experience OE is fully capable of downloading those messages just like any others. (Sorry... ;-)

What kind of mail server are we talking about here? Have you tried using a different one?

Matthew J. Brown <mb () skypoint com>:

I'm using Sendmail, so I have a hard time believing that that is the cause of this. I have been talking to a few other ISPs around the country, and they too have had this problem. None of our software is exactly the same though. Granted, most of them are running sendmail, but the pop3 servers vary. I've recently found out that Exchange may also be vulnerable to this. I'm going to look into that a bit more today.

So far, we've discovered that 5.x does not appear to be vulnerable, however the 8.x build is a different story. I've tried it on 8.02.4212, and it crashes when it receives that type of e-mail. Also, thanks to Travis Ogdon (togdon () easystreet com), we've found out that "Return-Path:" and "From:" being null will also cause this problem.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
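
The server-side cleanup described in the thread (removing the offending messages from users' mailboxes) starts with finding them. The following is an added example, not code from the thread or its participants: a Python check that flags messages whose Reply-To, Bcc, Return-Path or From header is present but empty or "<>". The function names and the sample messages are constructed for illustration.

```python
import email

# Headers this thread reports as triggers when present but empty or "<>".
SUSPECT = ("Reply-To", "Bcc", "Return-Path", "From")

def empty_headers(raw: bytes) -> list:
    """Names of SUSPECT headers that are present but carry no address."""
    msg = email.message_from_bytes(raw)
    hits = []
    for name in SUSPECT:
        # get_all() is case-insensitive and returns every occurrence.
        for value in msg.get_all(name, []):
            # Collapse folded continuation lines and surrounding whitespace.
            if "".join(str(value).split()) in ("", "<>"):
                hits.append(name)
                break
    return hits

def quarantine_candidates(spool: dict) -> dict:
    """Map message key -> flagged headers for every message with a hit.

    A hit is only a candidate: "Return-Path: <>" is also the normal null
    sender on bounce messages (RFC 5321), so review before removing mail.
    """
    report = {}
    for key, raw in spool.items():
        hits = empty_headers(raw)
        if hits:
            report[key] = hits
    return report

# Constructed sample spool (not taken from the thread).
SAMPLE = {
    "ok": b"From: a@example.com\r\nReply-To: a@example.com\r\n"
          b"Subject: hi\r\n\r\nbody\r\n",
    "blank": b"From: a@example.com\r\nReply-To:\r\nbcc: \r\n"
             b"Subject: x\r\n\r\nbody\r\n",
    "null": b"Return-Path: <>\r\nFrom: <>\r\nSubject: y\r\n\r\nbody\r\n",
    "folded": b"From: a@example.com\r\nReply-To:\r\n\t<>\r\n"
              b"Subject: z\r\n\r\nbody\r\n",
}

if __name__ == "__main__":
    for key, hits in quarantine_candidates(SAMPLE).items():
        print(key, hits)
```

To run it over a real spool, read each message file as bytes (for example the files in a Maildir's new/ and cur/ directories) and pass them in the same key-to-bytes mapping.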
Current thread:
- Microsoft Outlook (Express) bug.. Matthew J. Brown (Jun 05)
- <Possible follow-ups>
- Re: Microsoft Outlook (Express) bug.. Elias Levy (Jun 09)
- Re: Microsoft Outlook (Express) bug.. Frederik Lindberg (Jun 11)