lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030813232618.209a7c8c.puccio@pucciolab.org>
Date: Wed, 13 Aug 2003 23:26:18 +0200
From: Vincenzo 'puccio' Ciaglia <puccio@...ciolab.org>
To: bugtraq@...urityfocus.com
Subject: PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4


---------------------------
PUCCIOLAB.ORG - ADVISORIES
<http://www.pucciolab.org> 	 
---------------------------

PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4

---------------------------------------------------------------------------
PuCCiOLAB.ORG Security Advisories                      puccio@...ciolab.org
http://www.pucciolab.org                          Vincenzo 'puccio' Ciaglia
August 12th, 2003                       
---------------------------------------------------------------------------

Package        : Horde MTA
Vulnerability  : access to private account without login
Problem-Type   : remote
Version        : All < 2.2.4 
Official Site  : http://horde.org/
N° Advisories  : 0001

***********************
Description of problem 
************************
An attacker could send an email to the victim who ago use of HORDE MTA in order to push it to visit a website. The website in issue log all the accesses and describe in the particular the origin of every victim.

Example: 
-------------------
MY STAT FOR MY WEBSITE - REFERENT DOMAIN 
HTTP://MYSITE.MYSOCIETY.NET/HORDE/IMP/MESSAGE.PHP?HORDE=FC235847D2C8A88190C879B290D12630&INDEX=XXX 

In this example, the victim has visualized our website reading the mail that we have sent to it. Visiting the link marked from our counter of accesses, we will be able to approach the page of management of the mail of the victim and will be able to read and to send, calmly, its email without to make the login.The session comes sluice after approximately 20 minutes and the hacker it has the time to make its comfortable ones.

*************************
What could make a attacker?
*************************
Read, write and fake your e-mail. Could send , from you email address, a mail to your ISP and ask it User e PASS of your website.The consequences would be catastrophic

*************************
What I can do ?
*************************
Upgrade your MTA Agent to 2.2.4 version. 

Greet,
Vincenzo 'puccio' Ciaglia
www.pucciolab.org


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ