Mailsploit.com exploits pack vulnerability
Assignee: Hiroyuki Yamamoto
Hello dear Mr. Yamamoto,
recently I saw a related issue on the K-9 Mail tracker, https://github.com/k9mail/k-9/issues/2962.
It seems that Sylpheed has some problems. Please take a look at the screenshot attached.
The 3.5 & 3.6 Linux versions were tested.
#1 Updated by Hiroyuki Yamamoto about 1 month ago
- File mailsploit-test.png added
- Status changed from New to Rejected
I have just checked that, and I can say that Sylpheed is NOT exploitable by these exploits.
If you open the messages, you can easily detect the spoofing by looking at From (see the attached screenshot),
not like the example on the page: https://www.mailsploit.com/index
Sylpheed just ignores or replaces the Q-encoded nul character or newline (=?utf-8?Q?=00?=) (=?utf-8?Q?=0A=00?=),
so the actual domain part will not be hidden.
The From column of the summary view only displays the display-name part,
so you shouldn't judge only by that information.
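
The handling described in the reply above, as an added Python example that is not Sylpheed's code and not part of this thread: decode the RFC 2047 encoded-words in a From value, report any control characters such as the Q-encoded NUL or newline, and replace them with a visible marker so the trailing domain stays on screen. The function names, the sample headers and the `example` domains are constructed for illustration.

```python
import re
from email.header import decode_header

# C0 control characters (NUL, newline, ...) plus DEL
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def decode_words(raw):
    """Decode every RFC 2047 encoded-word in a raw header value into one str."""
    parts = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        parts.append(chunk)
    return "".join(parts)


def inspect_from(raw):
    """Return a display-safe From string, the control characters that were
    found, and the domain after the last '@' (a simplification of full
    RFC 5322 address parsing, enough for this illustration)."""
    decoded = decode_words(raw)
    controls = sorted({f"U+{ord(c):04X}" for c in CONTROL.findall(decoded)})
    # Replace instead of truncating, so nothing after the control
    # character is dropped from what the user sees.
    display = CONTROL.sub("\N{REPLACEMENT CHARACTER}", decoded)
    domain = display.rpartition("@")[2].rstrip("> ")
    return {"display": display, "controls": controls, "domain": domain}


# Constructed samples using the two encoded-words quoted in the reply.
SAMPLE_NUL = "=?utf-8?Q?alice=40example.org?==?utf-8?Q?=00?=@sender.example"
SAMPLE_NL_NUL = "=?utf-8?Q?alice=40example.org?==?utf-8?Q?=0A=00?=@sender.example"

if __name__ == "__main__":
    for sample in (SAMPLE_NUL, SAMPLE_NL_NUL, "Bob <bob@example.com>"):
        print(inspect_from(sample))
```

A non-empty `controls` list is a useful signal for flagging the message, and `domain` is the value to show next to the display name.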