Full Disclosure mailing list archives

Re: Thomas E Cooper/Boulder/IBM is out of the office.

From: Jason <security () brvenik com>
Date: Wed, 16 Apr 2003 21:50:07 -0400

I hate to use IBM as an example but I sent a message last week with abit about these OOTO messages and leakage of information / targetaquisition.

No X-Mailer but the Thomas E Cooper/Boulder/IBM suggests Notes prettystrongly, there are a few other possibilities but I believe they are allextremely old mailers. It is IBM, duh! I think there is no real need toask what they are using just what version.

A google for "X-MIMETrack: Serialize by Router" and "IBM" promptlypoints us to http://www.omg.org/issues/issue4397.txt


which contains a quite dated X-Mailer confirming notes
X-Mailer: Lotus Notes Release 5.0.5  September 22, 2000

but a few links down there is the very promising archived message
http://lists.w3.org/Archives/Public/www-forms/2003Apr/0037.html

relevant bits
> Date: Fri, 11 Apr 2003 14:31:07 -0400
> X-Mailer: Lotus Notes Release 6.0 September 26, 2002
> X-MIMETrack: Serialize by Router on D01ML233/01/M/IBM(Release 6.0.1
> [IBM]|April 9, 2003) at
> 04/11/2003 14:31:09,
>     Serialize complete at 04/11/2003 14:31:09

So not a definitive answer but a high probability of Lotus Notes Release6.0.0 or 6.0.1 is in use.


Off to http://icat.nist.gov/icat.cfm I go

Plug in Lotus Notes and click "One Year"

only 4 known potentials this year with a low probability of success inthis case unless it is still 6.0.0, suprisingly a mentioned vector is email.


http://marc.theaimsgroup.com/?l=bugtraq&m=104550124032513&w=2

This is all public information from public archives and only 10 minutesof search and type.


-J

Valdis.Kletnieks () vt edu wrote:

On Wed, 16 Apr 2003 14:14:26 EDT, Michael Scheidell said:


I will be out of the office starting April 16, 2003 and will not return
until April 21, 2003.

I will respond to your message when I return.


Cool... is your house empty too?



Amazingly enough, his message didn't leak an X-Mailer: line.

The previous person to do that to me leaked this:

X-Mailer: Internet Mail Service (5.5.2655.55)

Hmm... Who wants to do a cross-correlate of that to vulnerabilities that
we could leave in their inbox for when they get back and are likely to
open things without being careful because they're buried in messages?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Thomas E Cooper/Boulder/IBM is out of the office. Thomas E Cooper (Apr 16)
- Re: Thomas E Cooper/Boulder/IBM is out of the office. Michael Scheidell (Apr 16)
  - RE: Thomas E Cooper/Boulder/IBM is out of the office. Ed Carp (Apr 16)
    - RE: Thomas E Cooper/Boulder/IBM is out of the office. madsaxon (Apr 16)
    - RE: Thomas E Cooper/Boulder/IBM is out of the office. Mark (Apr 16)
    - RE: Thomas E Cooper/Boulder/IBM is out of the office. Cade Cairns (Apr 16)
    - RE: Thomas E Cooper/Boulder/IBM is out of the office. Steve Wray (Apr 17)
  - Re: Thomas E Cooper/Boulder/IBM is out of the office. Neeko Oni (Apr 16)
  - Re: Thomas E Cooper/Boulder/IBM is out of the office. Valdis . Kletnieks (Apr 16)
    - Re: Thomas E Cooper/Boulder/IBM is out of the office. Jason (Apr 16)
  - Re: Thomas E Cooper/Boulder/IBM is out of the office. Shawn McMahon (Apr 17)
- <Possible follow-ups>
- RE: Thomas E Cooper/Boulder/IBM is out of the office. Scheidell (Apr 16)