Environment
GroupWise 2014 R2 Support Pack 2
GroupWise 18
Situation
A hacker tries to get past software that filters or verifies the MIME header field From by injecting a null.
Nulls are not allowed in SMTP, so the hacker encodes the null in either Base64 (B64) or Quoted-Printable encoding, both of which are allowed in the From field of the header.
The idea is that any software that scans the From will be fooled by the presence of legitimate text that follows the null, while the client and other software will see the "hacked" From in front of the null.
The GWIA has no code that scans or verifies the From.
For features like DomainKeys Identified Mail (DKIM), we let GWAVA or third parties front us.
For GWIA and our client, what remains is to not allow the null injection to truncate the displayed From text. If we can avoid the truncation, then the recipient will see the oddness of the From and may suspect hacking.
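The check described above, as an added example (not GroupWise or GWIA code): it decodes RFC 2047 encoded-words in a From value, flags an embedded null, and contrasts a display that truncates at the null with one that keeps the full text and shows the null visibly. The function names and the sample header are constructed for illustration.

```python
import base64
import binascii
import re

# RFC 2047 encoded-word: =?charset?B|Q?payload?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([\x21-\x3e\x40-\x7e]*)\?=")

# Constructed sample: Quoted-Printable display text that ends in an encoded null.
SAMPLE_FROM = "=?utf-8?Q?ceo=40example.com=00?= <sender@example.net>"


def _decode_word(match):
    charset, encoding, payload = match.groups()
    try:
        if encoding in "bB":
            raw = base64.b64decode(payload + "=" * (-len(payload) % 4))
        else:
            raw = binascii.a2b_qp(payload, header=True)
    except binascii.Error:
        return match.group(0)  # leave a malformed word as written
    try:
        return raw.decode(charset, errors="replace")
    except LookupError:  # unknown charset label
        return raw.decode("latin-1")


def decode_from(header_value):
    """Expand every encoded-word in a From header value."""
    return ENCODED_WORD.sub(_decode_word, header_value)


def inspect_from(header_value):
    """Return (suspicious, naive_display, safe_display) for a From value."""
    decoded = decode_from(header_value)
    suspicious = "\x00" in decoded
    # What null-terminated string handling would show: only the text before the null.
    naive_display = decoded.split("\x00", 1)[0]
    # Keep the full text and make control characters visible instead of truncating.
    safe_display = "".join(
        "\\x%02x" % ord(ch) if ord(ch) < 0x20 or ord(ch) == 0x7F else ch
        for ch in decoded
    )
    return suspicious, naive_display, safe_display


if __name__ == "__main__":
    print(inspect_from(SAMPLE_FROM))
```
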
Resolution
There are FTF builds that correct this. Open an SR and ask for the most current FTF for either GroupWise 2014 R2 or GroupWise 18.