Date: Fri, 15 Aug 2003 12:35:25 -0300
From: "Ricardo J. Ulisses Filho" <ricardoj@...link.com.br>
To: Vincenzo 'puccio' Ciaglia <puccio@...ciolab.org>
Subject: Re: PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4


Hi,

I've run some tests here and could reproduce the same vulnerable behaviour
described in your advisory.
Reading about session handlers: in php.ini there is an option called
"session.use_only_cookies" that, if set, avoids this sort of attack, which
involves passing session ids in URLs.
Unfortunately, this option is not used by most default php.ini configurations.

Regards,

-- 
Ricardo J. Ulisses Filho
_____________________________
ricardoj@...link.com.br
System Administrator
HOTlink Internet - Recife / PE /  Brazil

On Wednesday 13 August 2003 18:26, Vincenzo 'puccio' Ciaglia wrote:
> ---------------------------
> PUCCIOLAB.ORG - ADVISORIES
> <http://www.pucciolab.org>
> ---------------------------
>
> PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4
>
> ---------------------------------------------------------------------------
> PuCCiOLAB.ORG Security Advisories                      puccio@...ciolab.org
> http://www.pucciolab.org                          Vincenzo 'puccio' Ciaglia
> August 12th, 2003
> ---------------------------------------------------------------------------
>
> Package        : Horde MTA
> Vulnerability  : access to private account without login
> Problem-Type   : remote
> Version        : All < 2.2.4
> Official Site  : http://horde.org/
> N° Advisories  : 0001
>
> ***********************
> Description of problem
> ************************
> An attacker could send an email to a victim who makes use of HORDE MTA in
> order to push them to visit a website. The website in question logs all
> accesses and describes in detail the origin of every victim.
>
> Example:
> -------------------
> MY STAT FOR MY WEBSITE - REFERENT DOMAIN
> HTTP://MYSITE.MYSOCIETY.NET/HORDE/IMP/MESSAGE.PHP?HORDE=FC235847D2C8A88190C879B290D12630&INDEX=XXX
>
> In this example, the victim has viewed our website while reading the mail
> that we sent to them. By visiting the link recorded by our access counter,
> we will be able to reach the victim's mail management page and will be able
> to read and send, calmly, their email without logging in. The session is
> closed after approximately 20 minutes, and the hacker has the time to do
> as he pleases.
>
> *************************
> What could an attacker do?
> *************************
> Read, write and fake your e-mail. They could send, from your email address,
> a mail to your ISP and ask it for the User and PASS of your website. The
> consequences would be catastrophic.
>
> *************************
> What can I do?
> *************************
> Upgrade your MTA Agent to version 2.2.4.
>
> Greetings,
> Vincenzo 'puccio' Ciaglia
> www.pucciolab.org
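
An added example, not part of either message above: a small php.ini check for the "session.use_only_cookies" option named in the reply. It assumes two further real PHP directives the thread does not mention (session.use_cookies and session.use_trans_sid) are worth checking alongside it; both sample files are constructed.

```python
import re

# Secure value for each directive that governs session ids in URLs.
WANTED = {
    "session.use_only_cookies": True,   # named in the reply above
    "session.use_cookies": True,        # assumption: checked alongside it
    "session.use_trans_sid": False,     # assumption: checked alongside it
}
_TRUE = {"1", "on", "yes", "true"}
_LINE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$")

def parse_ini(text):
    """Return {directive: bool} for directives in WANTED; last setting wins."""
    seen = {}
    for raw in text.splitlines():
        m = _LINE.match(raw.split(";", 1)[0])   # drop php.ini ';' comments
        if m and m.group(1).lower() in WANTED:
            seen[m.group(1).lower()] = m.group(2).strip("\"'").lower() in _TRUE
    return seen

def audit(text):
    """Return (directive, 'unset' | 'risky') for every setting to fix."""
    seen = parse_ini(text)
    findings = []
    for name, wanted in WANTED.items():
        if name not in seen:
            findings.append((name, "unset"))    # build default applies
        elif seen[name] != wanted:
            findings.append((name, "risky"))
    return findings

# Constructed sample inputs (not taken from any real server).
WEAK_INI = """
[Session]
session.use_cookies = 1
;session.use_only_cookies = 1
session.use_trans_sid = On
"""
HARDENED_INI = """
[Session]
session.use_cookies = 1
session.use_only_cookies = 1
session.use_trans_sid = 0
"""

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, audit(ini))
```

A directive reported as "unset" is one the file leaves commented out or absent, so the effective value is whatever the installed PHP build defaults to.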


