cmd5checkpw Qmail Remote Password Retrieval Vulnerability

The authentication program cmd5checkpw can function as a plugin to qmail-smtpd-auth, a patch for qmail which supports the SMTP AUTH protocol.
Due to improper input validation and error trapping, supplying cmd5checkpw with a non-existent username will cause it to segfault. In turn, the qmail-smtpd-auth qmail patch incorrectly interprets this failure as a successful authentication. As a result, an attacker providing invalid input to cmd5checkpw can create a falsely-authenticated session, leaving the victim host open to receiving and forwarding mail from unauthenticated systems.


Privacy Statement
Copyright 2010, SecurityFocus