[30694] in bugtraq


Re: ServU FTP Service (Win32) is able to relay email

daemon@ATHENA.MIT.EDU (Hal Flynn)
Thu Jul 10 17:19:20 2003

Date: Thu, 10 Jul 2003 09:01:46 -0600 (MDT)
From: Hal Flynn <flynn@securityfocus.com>
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.55.0307100858060.26339@mail.securityfocus.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

> ServU FTP Server for Win32 has a Bug that makes it possible to relay
> email messages anonymously. As described in the RFC documents for FTP
> (959, 1579, 2228) it's not recommended for the service to accept PORT
> commands containing target ports above 1024/tcp. Example:

Nice.  I'd like to point out that this isn't a new issue per se, but
instead a rehash of something discovered by Hobbit, and described in
Bugtraq ID 126:

http://www.securityfocus.com/bid/126

On another note, in two days, this vuln will be eight years old.  I
suppose this is an early birthday present.

Cheers,

Hal Flynn
Symantec Corp.
http://www.securityfocus.com/unix
