[12378] in bugtraq
Re: Netscape Messaging Server RCPT TO vul.
daemon@ATHENA.MIT.EDU (Alan Brown)
Fri Oct 29 12:15:26 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.05.9910291840500.3354-100000@mailhost.manawatu.net.nz>
Date: Fri, 29 Oct 1999 18:42:43 +1300
Reply-To: Alan Brown <alan@MANAWATU.GEN.NZ>
From: Alan Brown <alan@MANAWATU.GEN.NZ>
X-To: Nobuo Miwa <n-miwa@LAC.CO.JP>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199910281852.DFE99934.JNXBO-@lac.co.jp>
On Thu, 28 Oct 1999, Nobuo Miwa wrote:
> I've discussed with Netscape's engineer for 7 weeks.
> about RCPT TO vulnerability.
> I reported them on 7th Sep. as followings...
This has been known about for a while, along with a rather nasty
relaying vulnerability in Netscape's distributed antirelay settings.
There are a bunch of fixes at http://www.tsc.com/~bobp/nms-no-relay.html
AB
