[24138] in bugtraq
Intel.com Mailing List Arbitrary Address Removal Link
daemon@ATHENA.MIT.EDU (E M)
Wed Feb 6 14:11:52 2002
From: "E M" <rdnktrk@hotmail.com>
To: bugtraq@securityfocus.com
Cc: debbiex.l.phillips@intel.com
Date: Tue, 05 Feb 2002 16:16:06 -0800
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F130DgkwLd8Lq7R3TOk0000a0c9@hotmail.com>
.: Overview :.
Several Intel Programs (Intel product dealer -IPD- for example) allow you to
join a Mailing List with exclusive Intel news and announcements. This is
helpfull in keeping up to date with changes in the marketplace in relation
to Intel products.
.: Problem :.
While Intel requires you to login to modify account information, it does not
require you to login to remove your e-mail (or any e-mail) from its mailing
list database.
.: Example :.
To Remove someone@domain.com
http://intel.m0.net/m/u/ien/i.asp?e=someone%40domain.com
.: Factors :.
-You would need to know which addresses you would like to remove.
-You can't modify addresses or information
.: Severity :.
Removal of users from Mailing List without authorization.
- Low
.: Conclusion :.
An oversight which should be resolved by requiring login prior to
unsubscription from the list.
.: Vendor Response :.
Notified Friday 02/01/2002
Responded with "were working on it" 02/05/2002
.: Advisory By :.
Eric McCarty
rdnktrk@hotmail.com
_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com
