Subject: | |
From: | |
Reply To: | |
Date: | Tue, 25 Apr 1995 08:07:28 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Stan Sieler writes:
>Although I can postulate a mail system that could, indeed, be affected
>by such mail...I don't think any actually exist. (E.g., a mail system
>that allows a mail message to request that text be somehow executed
>as code.)
This isn't quite correct. The Internet worm operated in exactly this
fashion. The worm's "egg" was an email message that didn't fit
SMTP specs: one line was intentionally too long and contained
binary data. Since sendmail didn't check for lines that were too
long, this line overran the input buffer and overlaid some code in
sendmail. When this code got control, the worm had control, and could
then read its code from the rest of the message.
This is clearly not an attack that would work under the circumstances
described in the message forwarded by Isaac. The memo describes a
attack that works on many different computers; the Internet worm
was specific not only to one particular computer but to a particular
mail program. Also, as Stan indicates elsewhere in his message,
there are many other indications that the forwarded memo was a
hoax.
-- Bruce Toback
[log in to unmask]
|
|
|