mailing list archives

> I have just received a frightening report that says that the mail client
> in Android phones sends an ID command to an IMAP server that does not
> advertise the ID extension, and disconnects the session when the IMAP
> server returns BAD as the response.
>
> I can NOT duplicate this problem on my Android phone, an old T-Mobile
> myTouch 3G. However, as its OS is 2 or so years old, it's possible that
> this is a bug in newer versions.
>
> The client reported to do this sends the following ID command:
>
> 2 ID ("name" "com.android.email" "os" "android" "os-version" "2.2; FROYO" "vendor" "samsung" "x-android-device-model" "GT-P1000" "x-android-mobile-net-operator" "Vodafone CZ" "AGUID" "F26+FjerfVzQ1lSlxFmbV/Yw0ak=")
>
> Is this true?

The Android Email client is part of the open source release.
GT-P1000 appears to the GSM version of the Galaxy Tab.  This is not
running stock Android, but Samsung's own interface, which may be using
a modified version of the Email client or something entirely written
in-house.

The source code is published here:
http://android.git.kernel.org/?p=platform/packages/apps/Email.git;a=summary

Ahh, apparently the answer is yes:

http://android.git.kernel.org/?p=platform/packages/apps/Email.git;a=commit;h=275b89d96949de6544c7bca999e241f659cf18b3

fixes the bug.  I'm not sure if there was a release while it did it
before it stopped doing it.  I'm not seeing any of the requests in our
logs, but could be missing it, or people are more likely to use the
gmail app for gmail than the email app.

Brandon

Thank you for confirming that this problem is fixed.

Further investigation determined that the disconnection session was by the
server.  That particular server considers any invalid command prior to
authentication to be part of a possible fuzzing attack, and always
disconnects.  Since it wasn't known how long it would be before this
problem is fixed in Android, the server was subsequently changed to allow
some number of invalid pre-authentication commands before disconnecting.

On Fri, 11 Mar 2011, Brandon Long wrote:
>> I have just received a frightening report that says that the mail client
>> in Android phones sends an ID command to an IMAP server that does not
>> advertise the ID extension, and disconnects the session when the IMAP
>> server returns BAD as the response.
>>
>> I can NOT duplicate this problem on my Android phone, an old T-Mobile
>> myTouch 3G. However, as its OS is 2 or so years old, it's possible that
>> this is a bug in newer versions.
>>
>> The client reported to do this sends the following ID command:
>>
>> 2 ID ("name" "com.android.email" "os" "android" "os-version" "2.2; FROYO" "vendor" "samsung" "x-android-device-model" "GT-P1000" "x-android-mobile-net-operator" "Vodafone CZ" "AGUID" "F26+FjerfVzQ1lSlxFmbV/Yw0ak=")
>>
>> Is this true?
>
> The Android Email client is part of the open source release.
> GT-P1000 appears to the GSM version of the Galaxy Tab.  This is not
> running stock Android, but Samsung's own interface, which may be using
> a modified version of the Email client or something entirely written
> in-house.
>
> The source code is published here:
> http://android.git.kernel.org/?p=platform/packages/apps/Email.git;a=summary
>
> Ahh, apparently the answer is yes:
>
> http://android.git.kernel.org/?p=platform/packages/apps/Email.git;a=commit;h=275b89d96949de6544c7bca999e241f659cf18b3
>
> fixes the bug.  I'm not sure if there was a release while it did it
> before it stopped doing it.  I'm not seeing any of the requests in our
> logs, but could be missing it, or people are more likely to use the
> gmail app for gmail than the email app.
>
> Brandon
> _______________________________________________
> Imap-protocol mailing list
> Imap-protocol@u.washington.edu
> http://mailman2.u.washington.edu/mailman/listinfo/imap-protocol
>

-- Mark --

http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.