
Security

Brief items

A roundup of other email proposals

June 28, 2006

This article was contributed by Jake Edge.

Over the past two weeks, this page has looked at two of the more widely known proposals for improving the email infrastructure: Sender Policy Framework (SPF) and Domain Keys (DK). This week's article concludes the series by looking at a few lesser known proposals and describing the kinds of problems they are meant to solve.

Due to joe jobs and other spammer tricks, sites can sometimes be overwhelmed with bounce messages from emails that they did not send. Two proposals provide ways for the receivers of bounce messages (i.e. the domain that purportedly sent the original message) to recognize invalid bounces before accepting the email. Both Signed Envelope Sender (SES) and Bounce Address Tag Validation (BATV) are focused on eliminating invalid bounce messages.

Both techniques rely on using a uniquely generated envelope sender for each outgoing mail, typically with a one-way hash or cryptographic mechanism that can be verified by the sending Mail Transfer Agent (MTA). When a bounce message arrives, it will have a null envelope sender (to prevent loops) and an envelope recipient. If the MTA cannot verify the envelope recipient as one of the uniquely generated addresses, it can reject the email before receiving the DATA portion. This protection against invalid bounce messages is one that can be unilaterally implemented by a sending domain and will benefit that domain without requiring any cooperation from other MTAs.

Both SES and BATV have ways to generate envelope sender addresses that allow intermediary MTAs to verify the sender and determine if the email was truly sent by the domain that purports to have sent it. In addition, any hosts that use SMTP sender address verification will be able to reject forged email envelope sender addresses in domains that use SES/BATV because the verification will fail for addresses that are not correctly generated.
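The tag-and-verify cycle described above, as an added example that is not code from the article or from either proposal's reference implementation. It assumes the prvs tag layout from the BATV draft (key version digit, three-digit expiry day, six hex characters of HMAC) and uses a constructed secret; the same verify function serves both the bounce-recipient check and a remote MTA's sender address verification.

```python
import hashlib
import hmac
import re

# Constructed signing secret for this example; a real MTA keeps its own private key.
SECRET = b"example-batv-signing-key"
OUR_DOMAIN = "example.com"
MAX_VALID_DAYS = 31  # tags older than this are treated as expired

# Assumed prvs layout: prvs=K DDD HHHHHH = original address
PRVS_RE = re.compile(r"^prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)$", re.IGNORECASE)


def _mac(key_ver, ddd, orig):
    """First 6 hex chars of HMAC-SHA1 over key version, expiry day and original address."""
    msg = f"{key_ver}{ddd:03d}{orig}".lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]


def tag_sender(orig, today, days_valid=7, key_ver=0):
    """Rewrite the envelope sender of outgoing mail to a unique, signed prvs address."""
    ddd = (today.toordinal() + days_valid) % 1000  # expiry day, modulo 1000
    return f"prvs={key_ver}{ddd:03d}{_mac(key_ver, ddd, orig)}={orig}"


def verify_recipient(addr, today):
    """Decide at RCPT TO time (before DATA) whether a bounce recipient is one we generated.

    Returns (True, original_address) or (False, reason)."""
    _local, _, domain = addr.rpartition("@")
    if domain.lower() != OUR_DOMAIN:
        return False, "not our domain"
    m = PRVS_RE.match(addr)
    if not m:
        # Plain, untagged address: we never sent mail from it, so the bounce is invalid.
        return False, "untagged address: bounce not to anything we sent"
    key_ver, ddd, mac, orig = m.group(1), int(m.group(2)), m.group(3), m.group(4)
    if not hmac.compare_digest(mac.lower(), _mac(key_ver, ddd, orig)):
        return False, "bad signature"
    remaining = (ddd - today.toordinal()) % 1000  # days until expiry, wrapping mod 1000
    if remaining > MAX_VALID_DAYS:
        return False, "expired"
    return True, orig
```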

Certified Server Validation (CSV) is a technique that can arguably replace all of the trust evaluation that SPF provides, but can do it in a more straightforward manner. By using the hostname given in the SMTP HELO/EHLO command and a SRV record that has been queried from the DNS, a receiving MTA can determine if the sending host has correctly identified itself. In addition, the DNS record will indicate whether the host is authorized to transfer mail for the domain.

All of the proposals and techniques that have been described in these three articles are incremental changes to thwart one or more deficiencies in the original design of SMTP. Because it was designed at a time when there were few, if any, malicious users of the internet, security and authentication were not major considerations.

More radical, non-incremental, changes to how email is handled, such as Daniel J. Bernstein's Internet Mail 2000 (IM2000) have been proposed, but would require a wholesale shift in MTA and Mail User Agent (MUA) software to implement them. Instead of email receivers storing messages, IM2000 requires senders to store the messages and, at least partially, attempts to burden the sender with the costs of the email, rather than today's system which really only burdens the recipient. A descendant of IM2000 called Differentiated Mail Transfer Protocol (DMTP) is currently being worked on as a potential internet standard.

Even if some SMTP alternative were to become an internet standard, it remains to be seen how many users and mail servers would make the switch. SMTP has a huge amount of inertia behind it and any replacement is likely to be a long time in coming and have an adoption rate reminiscent of IPv6.


New vulnerabilities

EnergyMech: denial of service

Package(s): emech    CVE #(s):
Created: June 27, 2006    Updated: June 28, 2006
Description: EnergyMech fails to handle empty CTCP NOTICEs correctly and crashes with a segmentation fault. By sending an empty CTCP NOTICE, a remote attacker could exploit this vulnerability to cause a denial of service.
Alerts:
Gentoo 200606-26 emech 2006-06-26


Hashcash: possible heap overflow

Package(s): hashcash    CVE #(s): CVE-2006-3251
Created: June 27, 2006    Updated: July 21, 2006
Description: Andreas Seltenreich has reported a possible heap overflow in the array_push() function in hashcash.c, as a result of an incorrect amount of allocated memory for the "ARRAY" structure.
Alerts:
Debian DSA-1114-1 hashcash 2006-07-21
Gentoo 200606-25 hashcash 2006-06-26


kernel: multiple vulnerabilities

Package(s): kernel    CVE #(s): CVE-2006-2445 CVE-2006-2448 CVE-2006-3085
Created: June 23, 2006    Updated: August 11, 2006
Description: There is a race condition in the "posix-cpu-timers.c" source file that does not prevent another CPU from attaching a timer to an exiting process. This could be exploited by attackers to cause a denial of service.

A flaw due to errors in "powerpc/kernel/signal_32.c" and "powerpc/kernel/signal_32.c" could allow userspace to provoke a machine check on 32-bit kernels.

An infinite loop in "netfilter/xt_sctp.c" could be exploited by attackers to exhaust all available memory resources, creating a denial of service condition.

Alerts:
SuSE SUSE-SA:2006:047 kernel 2006-08-11
Red Hat RHSA-2006:0575-01 kernel 2006-08-10
Mandriva MDKSA-2006:123 kernel 2006-07-13
rPath rPSA-2006-0110-1 kernel 2006-06-23
Trustix TSLSA-2006-0037 kernel, netpbm 2006-06-23


mutt: IMAP namespace buffer overflow

Package(s): mutt    CVE #(s): CVE-2006-3242
Created: June 28, 2006    Updated: October 24, 2006
Description: TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If a user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user. See this Secunia advisory for more information.
Alerts:
Fedora FEDORA-2006-1061 mutt 2006-10-24
Slackware SSA:2006-207-01 mutt 2006-07-27
OpenPKG OpenPKG-SA-2006.013 mutt 2006-07-15
SuSE SUSE-SR:2006:016 acroread, libpng, wget, mutt, horde 2006-07-14
Red Hat RHSA-2006:0577-01 mutt 2006-07-12
Debian DSA-1108-1 mutt 2006-07-11
Fedora FEDORA-2006-761 mutt 2006-06-29
Fedora FEDORA-2006-760 mutt 2006-06-29
Trustix TSLSA-2006-0038 gd, mutt 2006-06-30
rPath rPSA-2006-0116-1 mutt 2006-06-29
Mandriva MDKSA-2006:115 mutt 2006-06-28
Gentoo 200606-27 mutt 2006-06-28
Ubuntu USN-307-1 mutt 2006-06-28


mysql: denial of service

Package(s): mysql    CVE #(s): CVE-2006-3081
Created: June 23, 2006    Updated: July 18, 2006
Description: Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
Alerts:
Debian DSA-1112-1 mysql-dfsg-4.1 2006-07-18
Ubuntu USN-306-1 mysql-dfsg-4.1 2006-06-27
Mandriva MDKSA-2006:111 MySQL 2006-06-23


pinball: privilege escalation

Package(s): pinball    CVE #(s): CVE-2006-2196
Created: June 26, 2006    Updated: June 28, 2006
Description: Pinball, a pinball game simulator, has a privilege escalation vulnerability in which the application can be tricked into loading level plugins from user-controlled directories without dropping its privileges.
Alerts:
Debian DSA-1102-1 pinball 2006-06-26


png: buffer overflow

Package(s): png    CVE #(s):
Created: June 28, 2006    Updated: June 28, 2006
Description: The Portable Network Graphics (PNG) library contains a vulnerability caused by a potential sprintf(3) related buffer overflow.
Alerts:
OpenPKG OpenPKG-SA-2006.011 png 2006-06-28


Page editor: Rebecca Sobol


Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds