Full Disclosure mailing list archives
debian postfix saslauthd pam sasl2-bin
From: Karsten Gessner <list () karo homeip net>
Date: Sun, 26 Aug 2007 14:14:54 +0200
couldn't it be that there is a huge security hole for sasl authentication (postfix) in debian

default for sasl2-bin (cyrus-sasl2) /etc/default/saslauthd is

MECHANISMS="pam"

without proper pam.d file

#
# /etc/pam.d/other - specify the PAM fallback behaviour
#
# Note that this file is used for any unspecified service; for example
# if /etc/pam.d/cron specifies no session modules but cron calls
# pam_open_session, the session module out of /etc/pam.d/other is
# used. If you really want nothing to happen then use pam_permit.so or
# pam_deny.so as appropriate.

# We fall back to the system default in /etc/pam.d/common-*
#

@include common-auth
@include common-account
@include common-password
@include common-session

the fallback behaviour for pam ends up in accepting any valid username without password verification

massively used by this host for sending hundreds of thousands of spam mails for one day

sample mail.info log entries:

sasl_method=LOGIN, sasl_username=admin
sasl_method=LOGIN, sasl_username=root
sasl_method=LOGIN, sasl_username=webmaster

please correct me if I'm wrong

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
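A defender-side check for the abuse pattern the post describes, added here as an example and not part of the original message: it parses Postfix smtpd log lines of the usual "client=host[ip], sasl_method=..., sasl_username=..." form and flags usernames that authenticate from many distinct client addresses, or that are system accounts which should never submit mail. The log lines, the addresses (RFC 5737 test ranges) and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed Postfix smtpd log lines (RFC 5737 test addresses, not real clients)
SAMPLE_LOG = """\
Aug 26 03:12:01 mx postfix/smtpd[2311]: 1A2B3C: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=admin
Aug 26 03:12:05 mx postfix/smtpd[2314]: 2B3C4D: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=root
Aug 26 03:12:09 mx postfix/smtpd[2319]: 3C4D5E: client=unknown[203.0.113.44], sasl_method=LOGIN, sasl_username=admin
Aug 26 03:13:22 mx postfix/smtpd[2325]: 4D5E6F: client=unknown[192.0.2.99], sasl_method=LOGIN, sasl_username=webmaster
Aug 26 03:14:40 mx postfix/smtpd[2330]: 5E6F70: client=unknown[198.51.100.21], sasl_method=LOGIN, sasl_username=admin
Aug 26 03:15:02 mx postfix/smtpd[2333]: 6F7081: client=laptop.example.net[192.0.2.50], sasl_method=PLAIN, sasl_username=alice
"""

# Matches the client and SASL fields Postfix writes for an authenticated session
LINE_RE = re.compile(
    r"client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\],\s*"
    r"sasl_method=(?P<method>\w+),\s*sasl_username=(?P<user>\S+)"
)


def parse_sasl_logins(text):
    """Yield (username, client_ip, sasl_method) for each authenticated smtpd session."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["user"], m["ip"], m["method"]


def find_suspicious(text, max_ips_per_user=2, system_accounts=frozenset({"root"})):
    """Return {username: [reasons]} for accounts whose SMTP AUTH activity looks abused.

    max_ips_per_user and system_accounts are assumed policy values; tune per site.
    """
    ips_by_user = defaultdict(set)
    for user, ip, _method in parse_sasl_logins(text):
        ips_by_user[user].add(ip)
    findings = {}
    for user, ips in ips_by_user.items():
        reasons = []
        if user in system_accounts:
            reasons.append("system account used for SMTP AUTH")
        if len(ips) > max_ips_per_user:
            reasons.append(f"authenticated from {len(ips)} distinct client IPs")
        if reasons:
            findings[user] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in find_suspicious(SAMPLE_LOG).items():
        print(f"{user}: {'; '.join(reasons)}")
```

On the constructed log this reports "admin" (three distinct client addresses) and "root" (system account); a real run would feed it the mail.info lines for the suspect period.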