Full Disclosure mailing list archives
Re: The Macallan mail solution 4.0.6.8 (Build 786) contains several vulnerabilities
From: "Alex V. Lukyanenko" <y_avenger_y () ua fm>
Date: Tue, 4 Jan 2005 14:01:20 +0200
Hello CIRT, DO you people think you digitally sign your correspondence by attaching a public key block to the end? EEEK! I prefer to stay quiet about using an insecure-unless-proven-otherwise type of MUA. Friday, December 31, 2004, 2:29:29 PM, you wrote: ... CA> X-Mailer: Microsoft Outlook, Build 10.0.4024 ... CA> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 ... CA> The Macallan Mail Solution are vulnerable to the problems shown below: CA> CA> "Macallan Mail Solution Web Interface Authentication Bypass" similar to CA> vulnerability reported earlier by Secunia CA> http://secunia.com/advisories/10861/ CA> CA> Denial of Service when requesting an overly long URL starting with an CA> interrogation mark on the web server CA> CA> CA> To read the full advisory goto http://www.cirt.dk CA> CA> Regards CA> Dennis Rand CA> http://www.cirt.dk CA> CA> -----BEGIN PGP PUBLIC KEY BLOCK----- CA> Version: PGP 8.0 CA> CA> mQGiBEAf2xcRBADMrO7uP0dJq1ZsXkLZLqEhz58LL77qLbXOMNoDRkAo+4MTZoZC CA> WMNkZsx3D5tbou4KJZCnayt0PFjymyYLsOJ6WauTfXOLA/L+sXTJCa7vSsWwlcQW CA> m01uy0+djp3XumGHkWdWXvu5cXm7y+UjsF5iiQV8X9EGR18ApoCzA/mi/QCg/zzf CA> Kw9x7XXGi1pLTpUBI/BvaRkD/2pZf4NLsF7TcCT/rDcNexxr5Ci9xHfglBFKUcQK CA> 9NnF/umLLM3PVyFk8zl7Ra2d8rvPzhDdIi+VGu0Flv5ckRRhiu9A4sOE6zbTkv3f CA> Q+je/ynnpl36OLswYG+iCELZqzOssRUTe4m9nSeJrbvtyFkW7I/UrBkfursed6yD CA> vzVDA/4mrWEWgjZkO4wEefwg6FOXr2dChGmdoVXaDyKuQ89hp99THPIALjnorNQK CA> 91IbzyJGX+HaU/KyfKgQfeEEd4znfi9EEaDNDzQmbCntmmCq2PAN0OOcqm4lVNOi CA> CzEDvsweRxGdffQA+aoNjqeACL1YmPNnTWeNeMNYN7kYD9sTJrQgQ0lSVCBBZHZp CA> c29yeSA8YWR2aXNvcnlAY2lydC5kaz6JAFgEEBECABgFAkAf2xcICwkIBwMCAQoC CA> GQEFGwMAAAAACgkQX3fRHNAOUc+KAQCfUD3uwuQmiZjUNXmcKyzXVWFni7cAniIS CA> fmTQMRf3rIs6kKmSXfnfrXG+uQINBEAf2xcQCAD2Qle3CH8IF3KiutapQvMF6PlT CA> ETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZ CA> X9x2Uk89PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56N CA> oKVyOtQa8L9GAFgr5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kj CA> wEPwpVsYjY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obE CA> AxnIByl6ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAIC CA> B/98f1FQkSzTqoH80viqqJTj3xZVe7xi+n4g4Ji3zuHW+jsgg6SPZOykCDSuzTCO CA> hJ6LLnwFaqGGu2As7RaNd335P8rH1bLwWQMmIo+Kohj3Ya7cg6gPkkiMSZAIpdca CA> cXVbxtKZ05dxcixddO2/HOc84/1mR8ajIOsmFKl4DXJ9OwCglgh1i914rQLx5mei CA> K0XheewAT9eA13yPwbUR1EnormDdaz0USX3l5GBGgvHBO3Xy+muoL8Qzep4PIqfL CA> Eg18tNXh0vQzBGdmhAjdSVSnSMBts4D5K20HC2YvbdPzWjVeyKg+yTYl4r3r1D+x CA> vSPng/cCcSX1bESzjOMCE6PDiQBMBBgRAgAMBQJAH9sXBRsMAAAAAAoJEF930RzQ CA> DlHPdCgAn1jt7gbjHBTQLwTuZH6mpvOnWYs+AJ4sIPIoGz+6/YQLbWr1zXEbmKxo CA> CA== CA> =4wBy CA> -----END PGP PUBLIC KEY BLOCK----- CA> CA> _______________________________________________ CA> Full-Disclosure - We believe in it. CA> Charter: http://lists.netsys.com/full-disclosure-charter.html -- Alex V. Lukyanenko | 86195208@icq | y_avenger_y () ua fm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- The Macallan mail solution 4.0.6.8 (Build 786) contains several vulnerabilities CIRT Advisory (Dec 31)
- Re: The Macallan mail solution 4.0.6.8 (Build 786) contains several vulnerabilities Alex V. Lukyanenko (Jan 06)