[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Microsoft Outlook PST Exposure

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Microsoft Outlook PST Exposure
From: Nick FitzGerald <nick@virus-l.demon.co.uk>
Date: Mon, 01 Sep 2003 00:12:21 +1200

"Kaveh Mofidi" <Admin@SecureTarget.Net> warped the ether with:

> Secure Target Network (Security Advisory August 31, 2003) 
> Topic: Microsoft Outlook PST Exposure
> Discovery Date: August 28, 2003
> Link to Original Advisory: http://securetarget.net/advisory.htm
<<snip usual rubbish about Outlook PST files, etc, etc>>

This "vulnerability" is discovered and published on lists such as this 
at least twice a year.

It is not a vulnerability.

Many, many Email and related messaging products behave precisely this 
way.  It's a widely acepted disk-space vs. performance tradeoff in flat-
file databases that, despite records being deleted, the data file grows 
as records are added.  An index is used to keep track of the "active" 
and deleted records.  It is also common that once a given percentage of 
the data filesize, absolute volume, etc is "wasted" holding deleted 
records some form of maintenance routine re-writes the whole data file, 
retaining only the "active" records.

If you have discovered anything it is just that you did not previously 
know how this part of Outlook works.  This has been reported before, as 
it has for Outlook Express.  Several times.

And don't get all steamed up about it -- sure the MS documentation is 
not exactly crystal clear on this and could do better, but MS is 
certainly not the sole developer whose Email client works this way, nor 
did MS invent this approach.  From memory, Eudora and Pegasus Mail, and 
I'm fairly sure The Bat! and at least some versions of the Notes 
clients have all been reported to work thus, and most (if not all) of 
the venerable *nix mail clients do not immediately compact their folder 
files on _every_ message deletion (though doing so on exit from the 
client rather than once some space "wastage" criterion is reached is 
probably a more common default behaviour with such clients).


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Microsoft Outlook PST Exposure
  - From: "Kaveh Mofidi" <Admin@SecureTarget.Net>

Prev by Date: [Full-Disclosure] Cross Site Scripting in Webbased Virusencyclopedia
Next by Date: [Full-Disclosure] CrossOver
Prev by thread: [Full-Disclosure] Microsoft Outlook PST Exposure
Next by thread: [Full-Disclosure] Cross Site Scripting in Webbased Virusencyclopedia
Index(es):
- Date
- Thread