• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Alt-N MDaemon/WorldClient Form2Raw Mail Header Spoofing Vulnerability

Alt-N MDaemon/WorldClient is prone to a vulnerability which may enable a remote user to send mail with spoofed headers. Remote users may submit a malicious form through the 'Form2Raw.exe' (included with WorldClient) utility, which will cause mail with attacker-supplied headers to be sent via the mail server. As a result, WorldClient may be used by unauthorized users to send email to arbitrary hosts.

It has been reported that this utility is not accessible in the default configuration and that the utility may not be abused in this manner if properly configured.