lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: geoincidents at getinfo.org (Geoincidents) Subject: Gordano Mail Server exploit (NTmail) There is an exploit for NTmail also known as GMS where it is possible to pass a mail containing content that you have chosen to block to the users on the system. From my testing it appears to affect versions 5, 6, and 7 of NTmail and GMS version 8 both with and without the recent base64 patch. (a patch that was released only after that other exploit was made public on the security lists) Example: You have setup an rwords filter to block webbugs, I'll assume you know what webbug code looks like, and when an email is set to a GMS server with this code in it the email is accepted, then scanned, then bounced back to the sender with a bounced message. By making both the TO and FROM address the address of your target you can bypass these filters and the restricted content will be delivered as a bounced email to the target address and appear to be an email the target sent out so users are likely to open it to see which of their emails bounced. Upon opening it the webbug will expose them. Spammers also can use this technique to deliver their spams, making the filters on GMS useless for blocking spams. In my opinion, if the mail triggers the filters it should never, under any circumstances, be delivered to the users of the system. To date, Gordano has refused to even acknowledge that this is a problem. I am hoping that posting this issue to the security lists will at least alert admins of GMS and NTmail to the problem. Geo.
Powered by blists - more mailing lists