Date: Sat, 24 Mar 2001 09:45:33 -0500 (EST)
From: Trevor Johnson <trevor@jpj.net>
To: <FreeBSD-gnats-submit@freebsd.org>
Subject: ports/26052: patch for mail/pine4 against passive fingerprinting
Message-ID: <20010324091457.U3795-100000@blues.jpj.net>
>Number: 26052
>Category: ports
>Synopsis: patch for mail/pine4 against passive fingerprinting
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 24 07:06:29 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Trevor Johnson (trevor@freebsd.org)
>Release: 4-STABLE
>Organization: myself
>Environment: FreeBSD localhost.localdomain 4.2-STABLE FreeBSD 4.2-STABLE #0: Sun Feb 11 07:43:35 PST 2001 root@localhost.localdomain:/usr/src/sys/compile/4_2_STABLE_A i386
>Description:
Pine puts unnecessary information in the Message-ID header: a three-letter code which denotes the operating system and (for some operating systems, not FreeBSD) the approximate version of the OS and information on certain system software (again not for FreeBSD), the version of Pine, and the word "PINE". As described in http://www.crimelabs.net/docs/passive.html , this information could be of use to someone with malicious intentions.

For instance, suppose a user runs a version of Pine with known vulnerabilities, and that the user posts to public mailing lists, or to USENET. An attacker could examine the posts without the user's knowledge and send a malicious message tailored to that particular version of Pine. The attack would be almost sure to succeed. If this information were withheld, the attacker might have to try several attacks before succeeding, so the chances of the user discovering the attack would be greater.

I've prepared a patch which stops Pine from sending this information.
On 2001-02-11 I sent this (with a trivial difference - 26 instead of 'Z' - 'A') to pine@cac.washington.edu (AFAIK the preferred address for submitting patches to the Pine developers), Michael Elkins (author of Mutt, from which I took the format string, and which has a similar problem) and to Jose Nazario <jose@SPAM.THEGEEKEMPIRE.NET>, author of the Crimelabs article. The next day, I sent the patch to petef@databits.net (maintainer of the mail/pine4 port) with a note that the 26 should be replaced by 'Z' - 'A'. I asked that the patch be considered for the FreeBSD port. The only response I've received has been a favorable one from Jose Nazario.
>How-To-Repeat:
Send a message with pine. Look at the Message-ID header.
>Fix:
Index: files/patch-reply.c =================================================================== RCS file: patch-reply.c diff -N patch-reply.c --- /dev/null Sat Mar 24 05:58:53 2001 +++ patch-reply.c Sat Mar 24 05:52:22 2001
@@ -0,0 +1,37 @@ +--- pine/reply.c.orig Wed Jan 24 18:35:05 2001 ++++ pine/reply.c Sun Feb 11 12:15:03 2001 +@@ -4967,23 +4967,24 @@ + char * + generate_message_id() + { +- static short osec = 0, cnt = 0; ++ struct timeval tp; ++ struct timezone tzp; ++ static short osec = 0; ++ static char cnt; + char *id; + time_t now; + struct tm *now_x; + + now = time((time_t *)0); + now_x = localtime(&now); +- id = (char *)fs_get(128 * sizeof(char)); ++ id = (char *)fs_get(384 * sizeof(char)); + +- if(now_x->tm_sec == osec){ +- cnt++; +- }else{ +- cnt = 0; +- osec = now_x->tm_sec; +- } +- sprintf(id,"<Pine.%.4s.%.20s.%02d%02d%02d%02d%02d%02d%X.%d@%.50s>", +- SYSTYPE, pine_version, (now_x->tm_year) % 100, now_x->tm_mon + 1, ++ cnt = 'A'; ++ if(gettimeofday(&tp, &tzp) == 0) ++ cnt += (time_t)tp.tv_usec % ('Z' - 'A'); ++ ++ sprintf(id,"<%d%02d%02d%02d%02d%02d.%c%d@%s>", ++ (now_x->tm_year) + 1900, now_x->tm_mon + 1, + now_x->tm_mday, now_x->tm_hour, now_x->tm_min, now_x->tm_sec, + cnt, getpid(), ps_global->hostname); + >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
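Review bot: The new sprintf() format ends in "@%s" where the old one had "@%.50s", so the length of ps_global->hostname is no longer bounded when it is written into id; the buffer grows to 384 bytes, but nothing visible in the hunk limits the hostname to what is left after the date, letter and pid. Either keep a precision on the conversion (for example "@%.255s") or use snprintf(id, 384, ...). Three smaller points in the same hunk: 'Z' - 'A' evaluates to 25, so "cnt += (time_t)tp.tv_usec % ('Z' - 'A');" yields only 'A' through 'Y', and 'Z' - 'A' + 1 is needed to cover the whole alphabet; with the per-second counter block removed, "static short osec = 0;" is left declared but unused, and two IDs generated by the same pid within one second now differ only when the microsecond-derived letter happens to differ, which weakens the uniqueness the old counter provided; and tzp is only passed to gettimeofday() and never read, so NULL could be passed and the struct timezone declaration dropped.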
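For auditing outbound mail for the disclosure described in the report, the following added example (not part of the original message and not Pine code) tests a Message-ID against the layout of the unpatched format string shown in the patch. The function and struct names, the OS code "XYZ", the version "9.99" and the host name are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* What one Message-ID gives away, if anything. */
struct mid_audit {
    char systype[8];   /* OS code from SYSTYPE (at most 4 chars) */
    char version[24];  /* pine_version (at most 20 chars) */
};

/*
 * Match a Message-ID against the layout of the unpatched format string
 * "<Pine.%.4s.%.20s.<timestamp+counter>.<pid>@<host>>".
 * Returns 1 and fills *out when the ID discloses OS code and version,
 * 0 otherwise (including IDs in the patched "<date.letter+pid@host>" form).
 */
int audit_message_id(const char *mid, struct mid_audit *out)
{
    char local[128];
    const char *at;
    char *dot, *ver;
    size_t n;

    memset(out, 0, sizeof *out);
    if (strncmp(mid, "<Pine.", 6) != 0 || (at = strchr(mid, '@')) == NULL)
        return 0;
    n = (size_t)(at - (mid + 6));
    if (n == 0 || n >= sizeof local)
        return 0;
    memcpy(local, mid + 6, n);              /* "SYS.VER.TS.PID" */
    local[n] = '\0';

    /* The version contains dots itself, so strip pid and timestamp from the right. */
    for (int i = 0; i < 2; i++) {
        if ((dot = strrchr(local, '.')) == NULL)
            return 0;
        *dot = '\0';
    }
    if ((ver = strchr(local, '.')) == NULL)  /* split "SYS" from "VER" */
        return 0;
    *ver++ = '\0';
    if (!*local || strlen(local) > 4 || !*ver || strlen(ver) > 20)
        return 0;
    snprintf(out->systype, sizeof out->systype, "%s", local);
    snprintf(out->version, sizeof out->version, "%s", ver);
    return 1;
}

int main(void)
{
    struct mid_audit a;
    /* Constructed sample header value, not taken from a real message. */
    if (audit_message_id("<Pine.XYZ.9.99.0103240945330.3795@mail.example.org>", &a))
        printf("discloses systype=%s version=%s\n", a.systype, a.version);
    return 0;
}
```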