[imp] Fwd: PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4
AJ
aj at mindcrash.com
Wed Aug 13 15:34:52 PDT 2003
From bugtraq....
>---------------------------
>PUCCIOLAB.ORG - ADVISORIES
><http://www.pucciolab.org>
>---------------------------
>
>PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4
>
>---------------------------------------------------------------------------
>PuCCiOLAB.ORG Security Advisories puccio at pucciolab.org
>http://www.pucciolab.org Vincenzo 'puccio' Ciaglia
>August 12th, 2003
>---------------------------------------------------------------------------
>
>Package : Horde MTA
>Vulnerability : access to private account without login
>Problem-Type : remote
>Version : All < 2.2.4
>Official Site : http://horde.org/
>N° Advisories : 0001
>
>***********************
>Description of problem
>************************
>An attacker could send an email to the victim, who makes use of HORDE MTA, in
>order to push him to visit a website. The website in question logs all
>accesses and records in detail the origin of every victim.
>
>Example:
>-------------------
>MY STAT FOR MY WEBSITE - REFERENT DOMAIN
>HTTP://MYSITE.MYSOCIETY.NET/HORDE/IMP/MESSAGE.PHP?HORDE=FC235847D2C8A88190C879B290D12630&INDEX=XXX
>
>
>In this example, the victim has viewed our website while reading the mail
>that we have sent to him. Visiting the link recorded by our access counter,
>we will be able to reach the victim's mail management page and will be able
>to read and send his email calmly, without logging in. The session is closed
>after approximately 20 minutes, and the hacker has the time to do as he
>pleases.
>
>*************************
>What could an attacker do?
>*************************
>Read, write and fake your e-mail. He could send, from your email address, a
>mail to your ISP and ask it for the user and password of your website. The
>consequences would be catastrophic.
>
>*************************
>What can I do?
>*************************
>Upgrade your MTA Agent to 2.2.4 version.
>
>Greetings,
>Vincenzo 'puccio' Ciaglia
>www.pucciolab.org
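The advisory above describes a session identifier carried in the URL (the `horde=` query parameter) that reaches a third-party site through the HTTP Referer header when the reader follows a link from a mail. As an added example that is not part of the advisory or of Horde's own code, the following Python scans Apache combined-format access log lines on the webmail server for the same URL-carried session token being used from more than one client address, which is how a replayed token of this kind shows up on the defender's side. The log lines, IP addresses and the Referer host are constructed for the example; the parameter name defaults to `horde` as shown in the advisory's URL.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# NCSA combined log format:
# host ident user [time] "METHOD uri PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: one legitimate session from 10.0.0.5, then the same token
# replayed from 198.51.100.7 (arriving from an external stats page), plus an
# unrelated session from 10.0.0.9 that should not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2003:14:01:02 +0200] "GET /horde/imp/message.php?horde=fc235847d2c8a88190c879b290d12630&index=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Aug/2003:14:01:30 +0200] "GET /horde/imp/mailbox.php?horde=fc235847d2c8a88190c879b290d12630 HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Aug/2003:14:09:11 +0200] "GET /horde/imp/message.php?horde=fc235847d2c8a88190c879b290d12630&index=12 HTTP/1.1" 200 5120 "http://stats.example.invalid/referers" "Other/1.0"
10.0.0.9 - - [12/Aug/2003:14:10:00 +0200] "GET /horde/imp/mailbox.php?horde=0123456789abcdef0123456789abcdef HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
"""


def session_token(uri, param="horde"):
    """Return the session token carried in the request URI's query string, or None."""
    values = parse_qs(urlsplit(uri).query).get(param)
    return values[0] if values else None


def find_shared_tokens(log_text, param="horde"):
    """Map each URL-carried session token to the client IPs that presented it and
    return only the tokens used from more than one address (candidate replays)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        token = session_token(m.group("uri"), param)
        if token:
            seen[token].add(m.group("ip"))
    return {tok: ips for tok, ips in seen.items() if len(ips) > 1}


if __name__ == "__main__":
    for tok, ips in find_shared_tokens(SAMPLE_LOG).items():
        print(f"session {tok} used from {sorted(ips)}")
```

A token seen from several addresses within its lifetime is the signal to invalidate that session and review what the account did in the meantime; the upgrade the advisory recommends remains the fix.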