Outlook 'CR' Vulnerability


MacMaelstrom
Jul 23, 2003, 11:59 AM
Just wondering :confused: if anyone else has experienced emails from MacRumors.com being blocked by your ISP's virus scanning due to Outlook 'CR' Vulnerability. It appears that MacRumors' email client uses CR in the messages, where it should use CRLF. I don't see the problem in this, but apparently my ISP thinks they're doing me quite a favor by blocking this. They've also kindly notified me that they cannot and will not turn the virus scanning off on my account. Some crap about then I could hold them liable for damage to my machine. My machines are all Linux and Mac. Therefore, I really don't care. And even if it did take out either computer, I've got backups and Master Disks. :rolleyes: EV1....

Eniregnat
Jul 23, 2003, 06:50 PM
Link to explanation of flaw/feature (http://xforce.iss.net/xforce/xfdb/8198).
Link to a Test (http://www.declude.com/tools/mailsend.html)

Working backwards:
2.) A CR is just fine. To state that somebody must use a linefeed after a carriage return is stupid. There are patches out there, and this is just another example of IT going way too far. That said, send an email to Arn and see what he can do about it. It's a simple request. Here is a Link (http://support.free-conversant.com/633) that explains why people should send a line feed after a carriage return.

The org I work for filters out HTML links and pictures, not because of bandwidth, but because somebody could potentially do something that could crash the system. Three cheers for the nerf world!

1.) This is your ISP's/host's damage. Luckily, they don't block this site. I understand their fear of lawsuit, but they also know that nobody could possibly win against them.

Additionally, from what I understand, this kind of flaw (a hidden executable) only works with attachments and an HTML formatted email and are not self extracting, executing or spawning. I could be wrong about this, but that's how the articles read to me.

If you don't want to use M$ (http://www.microsoft.com/) Outlook (http://www.nwfusion.com/news/2002/0322outflaws.html) then try Eudora (http://eudora.com/)

Schiffi
Jul 23, 2003, 07:24 PM
Sue your ISP for hindering you from accessing vital information.

rainman::|:|
Jul 23, 2003, 07:54 PM
Originally posted by Schiffi
Sue your ISP for hindering you from accessing vital information.

So, yeah, you have no concept of Terms of Service and Service Agreement contracts? They can do whatever they want, as long as they didn't promise him something else. Doesn't matter how crappy it is. A lawsuit would be thrown out the moment it went before a judge.

pnw

MacMaelstrom
Jul 24, 2003, 06:54 AM
Originally posted by Eniregnat
If you don't want to use M$ (http://www.microsoft.com/) Outlook (http://www.nwfusion.com/news/2002/0322outflaws.html) then try Eudora (http://eudora.com/)

Oh yes, and that's the beauty of it all... I don't use Outlook. Nor Eudora. I use a simple Linux client called Evolution. That said, if I sue them and they go out of business, ( :p ) I've just lost about the only ISP in my area. I'll email arn though and ask him about it.
Thanks all!

MacMaelstrom
Jul 24, 2003, 07:08 AM
Well, it appears that I'll be getting a free Email account at some place that has POP service. I've found just about every email sent to me from Claris Emailer and Netscape (under 4.0 Versions) is getting blocked. This makes up a good 1/8 of people I know.

mproud
Aug 9, 2003, 02:41 PM
Well, I too have been getting Outlook 'CR' Vulnerability emails. Except the latest email I've gotten from the board is now "WARNING: We blocked a virus that was sent to you".

Oh brother.

Damn college email filtering! I'll have to get on their butts about this one. When I get back to campus in the Winter.

Sigh.

mproud
Aug 12, 2003, 02:55 PM
'CR' Vulnerability:

A response from my postmaster/admin:

Here is a reply from the owner of our email scanning software to someone on
their lists...

You can tell them that their mail client is sending out E-mail containing a
dangerous vulnerability (one that viruses can use to bypass mailserver virus
scanners). Specifically, it is sending a lone CR character in the headers of
the E-mail (as opposed to the "CRLF" that is used to indicate the end of
lines). There is no benefit to having the lone CR character, and it ends up
creating a dangerous vulnerability. It may also be worth noting that all
major mailserver AV programs will detect this very soon.
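
Added example, not part of the thread or of any poster's or vendor's code: a minimal check of the kind the postmaster's reply describes, flagging header lines that contain a lone CR (a CR not followed by LF). The function names and the two sample messages are constructed for illustration.

```python
# Added example: flag header lines that contain a lone CR (CR not followed by LF).
# Only the header section is inspected, matching the reply quoted above.

def header_section(raw: bytes) -> bytes:
    """Return the bytes before the first empty line (CRLF CRLF)."""
    end = raw.find(b"\r\n\r\n")
    # No empty line found: treat the whole input as headers.
    return raw if end == -1 else raw[:end]

def find_bare_cr(raw: bytes):
    """Return (line_number, field_name, bare_cr_count) per affected header line."""
    hits = []
    for number, line in enumerate(header_section(raw).split(b"\r\n"), start=1):
        # After splitting on CRLF, any CR still inside a line is a lone CR.
        count = line.count(b"\r")
        if count:
            name = line.split(b":", 1)[0].decode("ascii", "replace")
            hits.append((number, name, count))
    return hits

# Constructed sample: well-formed headers; the lone CR is in the body only.
CLEAN = (b"From: a@example.com\r\n"
         b"To: b@example.com\r\n"
         b"Subject: hi\r\n"
         b"\r\n"
         b"body line\rwith a CR in the body\r\n")

# Constructed sample: the third header line ends in CR instead of CRLF.
BAD = (b"From: a@example.com\r\n"
       b"To: b@example.com\r\n"
       b"X-Mailer: ExampleMailer\rX-Note: constructed\r\n"
       b"Subject: hi\r\n"
       b"\r\n"
       b"body\r\n")

if __name__ == "__main__":
    for label, msg in (("clean", CLEAN), ("bad", BAD)):
        print(label, find_bare_cr(msg))
```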

mproud
Aug 19, 2003, 12:45 PM
My emails are coming in as virus warnings now.

I am a man of action - so what should I do now?