Full Disclosure mailing list archives
Virii that can exploit email server?
From: <mrichard91 () hushmail com>
Date: Wed, 23 Jul 2003 07:42:05 -0700
While I'm unaware of any current virus that exhibits this behavior there is a reasonable possibility to create one. This possibility relies upon 1 of 2 conditions existing on the mail server:

1) A message parsing vulnerability such as the recent sendmail vulnerability see http://www.securityfocus.com/bid/6991/discussion/

2) The server performs some message processing such as virus scanning or spam checking. This could exploit an application used in the processing such as unzip, see http://www.securityfocus.com/bid/7550/discussion/

Since in both exploits the server is infected while processing part of the message it may be possible for the message to still reach a recipient and contain a 2nd virus payload. Of course exploiting #1 and #2 requires targeting a specific email server or package on a specific platform.

It would seem that this attack vector leads to the possibility of remotely exploiting virus scanning engines and other tools that are used on mail servers.

mrichard

> Is anyone aware of a virus, transmitted via email, that is able to exploit
> the email server it resides on?
>
> Eg:
> User A is infected by virus
> User A sends email to friend
> Virus follows email and is stored on Email Server A
> Virus exploits Email Server A, infects other emails, causes world domination,
> etc.
>
> As far as I know this is not possible because the MTA should treat the
> virus as data, not code. Have there been any known cases of the above?
> I have done some research on Symantec's virii database, asked around,
> etc. and haven't heard of anything.
>
> Thanks,
> Joshua Thomas
> Network Operations Engineer
> PowerOne Media, Inc.
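
Added example (not part of the original post or thread): condition 2 above makes every helper a mail server runs on attachments part of its attack surface, so one mitigation is to screen zip attachments in-process and quarantine suspicious ones before any external unpacker or scanner sees them. The function names, the limits and the three checks (path escape, compression ratio, declared size) are assumptions chosen for illustration; they are not a description of the referenced unzip issue.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed limits for this example; tune them for the real pipeline.
MAX_ENTRIES, MAX_TOTAL_BYTES, MAX_RATIO = 100, 50 * 1024 * 1024, 100

def zip_problems(data):
    """Check a zip's directory in-process; nothing is extracted or executed."""
    try:
        infos = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return ["malformed archive"]
    problems = ["too many entries"] if len(infos) > MAX_ENTRIES else []
    for info in infos:
        parts = info.filename.replace("\\", "/").split("/")
        if parts[0] == "" or ".." in parts or parts[0].endswith(":"):
            problems.append("path escapes extraction directory: %r" % info.filename)
        if info.file_size > MAX_RATIO * max(info.compress_size, 1):
            problems.append("suspicious compression ratio: %r" % info.filename)
    if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
        problems.append("declared size exceeds limit")
    return problems

def screen_message(raw):
    """Return {attachment name: [problems]} for zip attachments to quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"PK"):  # judge by content, not by file name
            problems = zip_problems(payload)
            if problems:
                findings[part.get_filename() or "(unnamed)"] = problems
    return findings

def build_sample(entries):
    """Constructed test input: a message carrying one zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "report"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="report.dat")
    return msg.as_bytes()

if __name__ == "__main__":
    sample = {"../../outside.txt": b"x", "big.bin": b"\0" * 200000}
    print(screen_message(build_sample(sample)))
```

The screen reads only the archive's directory, so it is a pre-filter in front of the scanner, not a replacement for keeping the scanner and its unpackers patched and unprivileged.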