a DoS vulnerability associated with conflated Message-IDs?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Mar 8 08:37:09 PST 2012
notmuch currently treats all messages with the same Message-ID as
the same message. I think this could be a vulnerability :(
If two messages have the same Message-ID, is there a guarantee of which
of these messages will be produced during a notmuch show?
Either way, it seems to create a potential DoS attack on notmuch users.
-------
The attack:
Let's say there is a public mailing list that Mallory knows
bob at example.org is subscribed to. alice at example.net sends a message to
the public mailing list detailing some problem that Bob probably needs
to deal with.
Mallory can just craft a content-free e-mail (or a dozen?) with the same
Message-ID as Alice's message, and send it to bob at example.org.
If Bob uses notmuch, he is much more likely to read one of Mallory's
bogus e-mails than to read Alice's original message.
Mallory's e-mail could also be crafted to look like spam, in the hopes
that Bob's spamfiltering scripts would mark the original message's
Message-ID as spam.
--------
I don't know how to fix this, and i'd be happy to hear if someone thinks
my analysis above is flawed and this isn't really a problem.
Any ideas on how to approach this?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 965 bytes
Desc: not available
URL: <http://notmuchmail.org/pipermail/notmuch/attachments/20120308/b91e806d/attachment.pgp>
More information about the notmuch
mailing list