funsec mailing list archives

RE: 2 critical vulns and the clock is ticking..[Fwd: [EEYEB-2000801]]

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 10 Jan 2006 22:10:49 -0500

Thanks for the background.  Is there anyway to find out all the flavors of
MIME types that Outlook and Outlook Express will accept as email messages?
Can everything but plain text and HTML then be turned off in Outlook and
Outlook Express?

Richard 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Matthew Murphy
Sent: Tuesday, January 10, 2006 7:02 PM
To: funsec () linuxbox org
Subject: Re: [funsec] 2 critical vulns and the clock is ticking..[Fwd:
[EEYEB-2000801]]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Gadi Evron wrote:

OK, so we have an advisory for this. Fun.

Any idea about the NGSsoftware one?

    Gadi.


It appears that NGSSoftware's report is related to the TNEF functionality
that supports embedding COM/OLE/ActiveX objects into RTF e-mail.  The MS
bulletin states that TNEF files can contain "malicious OLE objects" which I
take to mean you can embed items that, when viewing on them is triggered,
execute code that may not be safe for a mail-reading environment.

Exactly what that has to do with Exchange Server's role in processing routed
TNEF-encoded e-mail, I have no idea.

TNEF is only used to encode e-mail in Microsoft's proprietary "Rich Text"
format, which is a heavily-extended RTF.  Due to the information leakage and
incompatibility of TNEF with standards-compliant e-mail readers, most
servers and most users shouldn't have a need to send or receive RTF e-mail
with attached TNEF formatting information.

Stripping the relevant MIME type (I believe, application/x-ms-tnef) should
be sufficient.  It will reduce potentially-nasty RTF-encoded e-mail to
standard plain text.

- --
"Social Darwinism: Try to make something idiot-proof, nature will provide
you with a better idiot."

                                -- Michael Holstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDxErrfp4vUrVETTgRA0KsAJ9db/mSRDl7luRN8QzicoN9JpUlewCfbzPD
uPUxmEluYbrlQGVVgxX3nTA=
=GunB
-----END PGP SIGNATURE-----
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

2 critical vulns and the clock is ticking.. [Fwd: [EEYEB-2000801]] Gadi Evron (Jan 10)
- Re: 2 critical vulns and the clock is ticking.. [Fwd: [EEYEB-2000801]] Mike Owen (Jan 10)
- Re: 2 critical vulns and the clock is ticking.. [Fwd: [EEYEB-2000801]] Matthew Murphy (Jan 10)
  - RE: 2 critical vulns and the clock is ticking..[Fwd: [EEYEB-2000801]] Richard M. Smith (Jan 10)
    - Re: 2 critical vulns and the clock is ticking..[Fwd: [EEYEB-2000801]] Valdis . Kletnieks (Jan 10)