6.0.0-git
2018-12-15

[#14748] mailsploit vulnerability
Summary mailsploit vulnerability
Queue IMP
Queue Version 6.2.21
Type Bug
State Unconfirmed
Priority 1. Low
Owners
Requester sca (at) andreasschulze (dot) de
Created 2017-12-05 (375 days ago)
Due
Updated 2017-12-06 (374 days ago)
Assigned
Resolved
Milestone
Patch No

History
2017-12-06 12:23:31 sca (at) andreasschulze (dot) de Comment #2 Reply to this comment

[Show Quoted Text - 12 lines]
there is a MAAWG Recommendation document:
https://www.m3aawg.org/sites/default/files/m3aawg-unicode-best-practices-2016-02.pdf

2017-12-05 21:47:17 sca (at) andreasschulze (dot) de Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ mailsploit vulnerability
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
New Attachment: mailsploit.png Download
Reply to this comment
many client are affected by 'mailsploit': https://www.mailsploit.com/index

Basically the attacker uses special characters inside encoded words to 
spoof the sender:

From: 
=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?==?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com

Such header naively decoded incorrectly is:
potus@whitehouse.gov\0potus@whitehouse.gov@mailsploit.com

IMP fail to decode / parse the RFC5322.From Header correctly

Saved Queries