
Trusting user-supplied data...

Posted May 3, 2014 13:52 UTC (Sat) by dskoll (subscriber, #1630)
In reply to: Trusting user-supplied data... by rsidd
Parent article: A preview of HyperKitty's reimagined mailing list interface

The exploit is being able to replace the content of an archived message with your own content.

For example, let's say on a security mailing list, someone posts a critical patch for an important piece of software. And an attacker posts an alternate version of the patch that leaves a hole open. Anyone searching the list archive for the patch will get the bad patch instead of the good one.

Trusting user-supplied data...

Posted May 3, 2014 14:20 UTC (Sat) by rsidd (subscriber, #2582)

Being able to replace a message is indeed bad. I didn't read carefully enough to notice that, I guess. I assumed that either all messages would be shown, or, in searching by message-id, one (presumably the first) would be shown.

Trusting user-supplied data...

Posted May 5, 2014 22:19 UTC (Mon) by anguslees (subscriber, #7131)

... So if the archive discards later duplicates (rather than overwrites earlier entries), have we addressed this issue? (Are there MUAs with predictable message IDs that are worth attacking in this way?)

Trusting user-supplied data...

Posted May 5, 2014 22:22 UTC (Mon) by dlang (subscriber, #313)

I don't know specific names, but given the horrific problems I've seen in this area, I'd bet that there are MUAs that do have predictable message IDs.

Worth attacking? That depends who uses them.

Trusting user-supplied data...

Posted Jan 13, 2018 14:40 UTC (Sat) by cjwatson (subscriber, #7322)

Looking at the code, it seems reasonably clear that HyperKitty will discard later duplicates.
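
The two archive behaviours discussed in this thread (overwriting an earlier entry versus discarding a later duplicate), as an added example that is not part of the original comments and is not HyperKitty's code. The `Archive` class, its methods, `demo` and the sample messages are hypothetical and constructed for illustration.

```python
import hashlib
from email import message_from_string

class Archive:
    """Toy archive keyed by Message-ID (hypothetical class, not HyperKitty's)."""

    def __init__(self, overwrite=False):
        self.overwrite = overwrite   # True models the unsafe "last write wins" store
        self.messages = {}           # normalized Message-ID -> (sender, body digest, body)
        self.collisions = []         # duplicate IDs with differing bodies, for review

    @staticmethod
    def _key(msg):
        # The Message-ID header is chosen by the sender; strip whitespace and
        # angle brackets so trivially different spellings map to the same key.
        mid = (msg.get("Message-ID") or "").strip().strip("<>").strip()
        if not mid:
            raise ValueError("message has no Message-ID")
        return mid

    def add(self, raw):
        msg = message_from_string(raw)
        key = self._key(msg)
        body = msg.get_payload()
        digest = hashlib.sha256(body.encode()).hexdigest()
        entry = (msg.get("From", ""), digest, body)
        if key in self.messages:
            # A reused ID with a different body is the case the thread worries about.
            if self.messages[key][1] != digest:
                self.collisions.append((key, self.messages[key][0], entry[0]))
            if not self.overwrite:
                return False         # discard the later duplicate
        self.messages[key] = entry
        return True

    def lookup(self, message_id):
        return self.messages[message_id.strip().strip("<>")][2]


# Constructed sample messages: a genuine patch and a later post reusing its Message-ID.
GOOD = "From: maintainer@example.org\nMessage-ID: <patch-1@example.org>\n\nfix: check length\n"
EVIL = "From: attacker@example.net\nMessage-ID: <patch-1@example.org>\n\nfix: skip check\n"

def demo(overwrite):
    a = Archive(overwrite=overwrite)
    a.add(GOOD)
    a.add(EVIL)
    return a.lookup("<patch-1@example.org>"), a.collisions
```

Discarding later duplicates only protects a message that is already archived; it does not cover the predictable-ID case raised above, where the forged copy could arrive first.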
