Telecom and Logistics Associates
Phone +41 22 328 14 88
Security news service
Author: Christian ALT, calt@tla.ch
Date: 9.8.98
Other security alerts can be found at http://www.tla.ch/alert
All of the credit for this alert goes to Richard M. Smith, rms@PHARLAP.COM
Attack description: Activating an embedded URL in an E-mail message with Eudora. This hole allows a malicious person to create a booby-trapped Email message that will run a Windows executable program attached to the message. All that is required to activate the booby trap is for the person reading the Email message to click on a link in the text of the message. The link appears in the message text as a legitimate link to a page or article.
This goes undiscovered by Firewall-1. It is a matter of content checking. Most sites will be vulnerable since they have Firewall-1 rules of type
| source | destination | service | action | log |
| any | SMTP | accept | long log | |
| group_internal_ host | any | HTTP | accept | long log |
or rules of type
| source | destination | service | action | log |
| group_internal_ host | any | POP3 IMAP4 | accept | long log |
| group_internal_ host | any | HTTP | accept | long log |
and do not remove content of type JavaScript, Java, and ActiveX.
The lesson from this bug is that it's a really bad idea for an Email reader to automatically execute JavaScript, Java, and ActiveX in Email messages.
Additional description information:
As you may or may not know, IE is little more than a wrapper around the MS HTML rendering component. Many other vendors, including Qualcomm, find it easy to reuse this component to display HTML instead of having to write their own HTML rendering engine or to license one from a third party. The HTML component has many options, including whether to turn on or off things like Java/JavaScript. It should be noted that any product using the HTML component may also fail to turn off things like Java and JavaScript and may be vulnerable to similar attacks.
Vulnerable: Windows 95 version of Eudora 4.0 and 4.01.
Solutions: several solutions exist; solve it centrally or go to each client and patch each workstation.
1. A quick and effective countermeasure was proposed that avoids patching all clients by using Procmail, a filter program running on a Unix server or workstation.
Refer to our TLAalert :
Or drop by http://www.wolfenet.com/~jhardin/procmail-security.html
2. A new version of Qualcomm Eudora is available.
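The central filtering idea from solution 1, as an added Python example (not code from TLA, Procmail or the procmail-security page): it defangs script, applet, object and embed tags and script URLs in HTML parts and reports executable attachments. The tag list, extension list, `DEFANGED-` prefix and sample message are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy

# Assumed lists: tags, URL schemes and extensions that let a mail reader run code.
ACTIVE_TAG = re.compile(r"<(/?)(script|applet|object|embed)\b", re.I)
SCRIPT_URL = re.compile(r"(javascript|vbscript)\s*:", re.I)
EXECUTABLE = re.compile(r"\.(exe|com|bat|scr|pif|vbs|js)$", re.I)

def sanitize(raw):
    """Return (message, findings) with active HTML content defanged."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        if EXECUTABLE.search(name):
            findings.append("executable attachment: " + name)
        if part.get_content_type() == "text/html":
            html = part.get_content()
            # Rename the tag or scheme so the HTML component no longer acts on it.
            clean = ACTIVE_TAG.sub(r"<\1DEFANGED-\2", html)
            clean = SCRIPT_URL.sub(r"DEFANGED-\1:", clean)
            if clean != html:
                findings.append("active content defanged in HTML body")
                part.set_content(clean, subtype="html")
    return msg, findings

# Constructed sample: HTML body with a script link plus an attachment named *.exe.
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/html; charset=us-ascii\r\n"
    b"\r\n"
    b'<a href="javascript:run()">Read the article</a><script>run()</script>\r\n'
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="article.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"AAAA\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    print(sanitize(SAMPLE)[1])
```

A filter like this runs on the mail server before delivery, so the POP3/IMAP4 and SMTP rules above can stay in place while the clients are patched.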
TLAalert is a service of Telecom and Logistics Associates to inform our customers about security improvements at their sites. If you want to receive specific security information regarding your site, contact Telecom and Logistics Associates SARL. Contact: calt@tla.ch
Copyright © 1998 Telecom and Logistics Associates SARL
All brand names are trademarks or registered trademarks of their respective holders.