Full Disclosure mailing list archives

Virii that can exploit email server?


From: <mrichard91 () hushmail com>
Date: Wed, 23 Jul 2003 07:42:05 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

While I'm unaware of any current virus that exhibits this behavior, there
is a reasonable possibility to create one.  This possibility relies upon
1 of 2 conditions existing on the mail server:

1) A message parsing vulnerability such as the recent sendmail vulnerability
see http://www.securityfocus.com/bid/6991/discussion/

2) The server performs some message processing such as virus scanning
or spam checking.  This could exploit an application used in the processing
such as unzip, see http://www.securityfocus.com/bid/7550/discussion/

Since in both exploits the server is infected while processing part of
the message it may be possible for the message to still reach a recipient
and contain a 2nd virus payload.  Of course exploiting #1 and #2 requires
targeting a specific email server or package on a specific platform.

It would seem that this attack vector leads to the possibility of remotely
exploiting virus scanning engines and other tools that are used on mail
servers.

mrichard

> Is anyone aware of a virus, transmitted via email, that is able to exploit
> the email server it resides on?
>
> Eg:
>
> User A is infected by virus
> User A sends email to friend
> Virus follows email and is stored on Email Server A
> Virus exploits Email Server A, infects other emails, causes world domination, etc.
>
> As far as I know this is not possible because the MTA should treat the
> virus as data, not code. Have there been any known cases of the above?
> I have done some research on Symantec's virii database, asked around, etc.
> and haven't heard of anything.
>
> Thanks,
>
> Joshua Thomas
> Network Operations Engineer
> PowerOne Media, Inc.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj8enrsACgkQr4Naal5vyKezcACfb8O0F14frcb/2/z74/YPbTdWP40A
oIqpNNwDhaCSjREWGrQ6FllilIuN
=K6cw
-----END PGP SIGNATURE-----




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
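Condition 2 in the reply above makes every helper a mail server runs on untrusted attachments part of its attack surface. The following is an added example, not code from the post or from any mail product: it triages ZIP attachments from archive metadata alone, so nothing is extracted and no external unzip is invoked. The limits, function names and the specific checks are assumptions of this example, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Limits are assumptions for this example; tune per deployment.
MAX_TOTAL, MAX_RATIO = 50 * 1024 * 1024, 100

def inspect_zip(data: bytes) -> list:
    """Return quarantine reasons from archive metadata only; nothing is extracted."""
    try:
        infos = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return ["malformed archive"]
    reasons = []
    if sum(i.file_size for i in infos) > MAX_TOTAL:
        reasons.append("uncompressed size over limit")
    for i in infos:
        parts = i.filename.replace("\\", "/").split("/")
        if parts[0] == "" or ".." in parts:  # absolute or parent-relative name
            reasons.append(f"unsafe path: {i.filename!r}")
        if i.compress_size and i.file_size / i.compress_size > MAX_RATIO:
            reasons.append(f"compression ratio over limit: {i.filename!r}")
    return reasons

def scan_message(raw: bytes) -> dict:
    """Map each ZIP attachment's filename to its quarantine reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"PK"):  # check content, not the declared type
            findings[part.get_filename() or "(unnamed)"] = inspect_zip(payload)
    return findings

def build_sample() -> bytes:
    """Constructed sample: a message with one benign and one suspicious ZIP."""
    def make_zip(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for name, body in entries:
                zf.writestr(name, body)
        return buf.getvalue()
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "sample"
    msg.set_content("see attached")
    for fname, entries in (("ok.zip", [("notes.txt", "hello")]),
                           ("bad.zip", [("../outside.txt", "x"), ("zeros.bin", b"\0" * 2_000_000)])):
        msg.add_attachment(make_zip(entries), maintype="application", subtype="zip", filename=fname)
    return msg.as_bytes()
```

An attachment that returns any reason can be quarantined before a scanner or decompressor ever opens it; the metadata parser is itself exposed to untrusted input, so it belongs in the same unprivileged, resource-limited process as the rest of the content filter.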

