[18582] in bugtraq
Weakness in SpamCop e-mail quarantine
daemon@ATHENA.MIT.EDU (David F. Skoll)
Fri Jan 12 15:36:58 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.30.0101111258400.1109-100000@shishi.roaringpenguin.com>
Date: Thu, 11 Jan 2001 13:02:38 -0500
Reply-To: "David F. Skoll" <dfs@ROARINGPENGUIN.COM>
From: "David F. Skoll" <dfs@ROARINGPENGUIN.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SpamCop (http://spamcop.net/) has a service which operates as follows:
1) You get an account (joeuser@spamcop.net)
2) If someone (spammer@baddomain.com) sends you e-mail, and the
sender's e-mail address is not in your "known" profile, the e-mail is
held on the SpamCop system, and a message is sent to the originator.
This message contains a URL which the originator must access.
Accessing this URL verifies to SpamCop that the sender address is a
valid e-mail address. SpamCop then "releases" the mail and marks the
sender as "known" to joeuser@spamcop.net.
Unfortunately, the URL generated in step (2) contains a fixed prefix followed
by an incrementing sequence number. A spammer therefore needs to send one
innocuous e-mail (to a friend at spamcop.net?) from a real e-mail address
to get the initial sequence number. He then spams everyone at spamcop.net
while his shell script calls "lynx" with repeatedly-incrementing sequence
numbers.
Fix: SpamCop should add (for example) a random 16-byte cookie to each URL to
make it harder to guess.
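The following is an added example, not SpamCop's code and not part of the original advisory. It models the quarantine's hold/release step twice: once with the fixed-prefix-plus-counter scheme the advisory describes, and once with the suggested random 16-byte cookie, and it includes a small self-check an operator can run over links their own system issued to confirm the ids are not an arithmetic sequence. The base URL, class names and the message store are assumptions for illustration only.

```python
"""Challenge/response quarantine model: sequential ids vs. random cookies (added example)."""
import secrets
from urllib.parse import parse_qs, urlparse

# Placeholder base URL for the verification link; not SpamCop's real address.
BASE_URL = "https://quarantine.example.invalid/verify"
COOKIE_BYTES = 16  # the advisory's suggested cookie size: 128 bits of randomness


class Quarantine:
    """Holds mail from unknown senders until the verification link is visited."""

    def __init__(self):
        self.pending = {}  # token -> (recipient, sender, message)
        self.known = {}    # recipient -> set of senders that have verified

    def _new_token(self):
        raise NotImplementedError  # subclasses decide how the token is formed

    def hold(self, recipient, sender, message):
        """Quarantine a message and return the URL the originator must visit."""
        token = self._new_token()
        self.pending[token] = (recipient, sender, message)
        return f"{BASE_URL}?id={token}"

    def release(self, token):
        """Release the message for a valid, unused token; None otherwise.
        pop() makes every token single-use, so a link cannot be replayed."""
        entry = self.pending.pop(token, None)
        if entry is None:
            return None
        recipient, sender, message = entry
        self.known.setdefault(recipient, set()).add(sender)
        return message


class SequentialQuarantine(Quarantine):
    """The weak scheme: a fixed prefix followed by an incrementing counter."""

    def __init__(self):
        super().__init__()
        self.counter = 0

    def _new_token(self):
        self.counter += 1
        return str(self.counter)


class RandomCookieQuarantine(Quarantine):
    """The suggested fix: an unguessable random cookie per held message."""

    def _new_token(self):
        # secrets.token_hex(16) -> 32 hex characters drawn from the OS CSPRNG.
        return secrets.token_hex(COOKIE_BYTES)


def token_from_url(url):
    """Extract the id parameter from a verification URL."""
    return parse_qs(urlparse(url).query)["id"][0]


def looks_sequential(urls):
    """Operator self-check over links the system issued: True when every id is
    an integer and consecutive ids differ by one constant non-zero step."""
    ids = []
    for url in urls:
        token = token_from_url(url)
        if not token.isdigit():
            return False
        ids.append(int(token))
    if len(ids) < 3:
        return False  # too few samples to call it a sequence
    steps = {b - a for a, b in zip(ids, ids[1:])}
    return len(steps) == 1 and steps != {0}


if __name__ == "__main__":
    for cls in (SequentialQuarantine, RandomCookieQuarantine):
        q = cls()
        links = [q.hold("joeuser@spamcop.net", f"s{i}@example.invalid", f"m{i}")
                 for i in range(4)]
        print(cls.__name__, "sequential ids:", looks_sequential(links))
```

The release path also drops the token after a single use, which the advisory does not discuss but which closes the obvious replay of a leaked link; with 128 random bits per token, iterating ids as the advisory describes no longer finds outstanding cookies in any practical number of requests.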
Status: Weakness reported to SpamCop a week ago; no response yet.
- --
David F. Skoll
Roaring Penguin Software Inc. | http://www.roaringpenguin.com
GPG fingerprint: 9314 DC81 CE49 05C5 2F64 252B 3134 AD1F 1216 8F20
GPG public key: http://www.roaringpenguin.com/dskoll-key-2001.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/
iD8DBQE6XfVFMTStHxIWjyARAk5mAJ0SZ7Yw8LQvue+QR4KEA6SDVES4VwCfbb9V
QGhVjqDAQ5mrhbYesTFiTF8=
=L88E
-----END PGP SIGNATURE-----