[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability
From: Peter Conrad <conrad@xxxxxxxxx>
Date: Tue, 10 Jan 2012 13:21:22 +0100

Hi,

demonalex@xxxxxxx schrieb am 08.01.2012 um 15:10:
> Title: Simple Mail Server - SMTP Authentication Bypass Vulnerability
> 
> Bug Description :
> Simple Mail Server is a tiny Mail Server written in C#. It can be sent mail 
without password by using usual tcp client(such as telnet).
> And it did not have SMTP authentication contoller.
> 
> POC(Remarks: domain alex.com and user alex@xxxxxxxx must be exists in 
configuration for this test case):
> >telnet 127.0.0.1 25
> 220 TEST-121F797342 SMTP ready.
> EHLO mail_of_alert
> 500 Not supported. Use HELO
> MAIL FROM: <alex@xxxxxxxx>
> 250 OK
> RCPT TO: <alex@xxxxxxxx>
> 250 OK
> Data
> 354 Start mail input; end with <CRLF>.<CRLF>
> From: "alex@xxxxxxxx" <alex@xxxxxxxx>
> To: "alex@xxxxxxxx" <alex@xxxxxxxx>
> Subject: authenticate is not required!

erm... where's the bug? If the mailer is configured to receive
mail for alex@xxxxxxxx, why should it require SMTP authentication
for incoming mails to that address?

Anyway, SMTP authentication is not a requirement for an MTA, so
the lack of such can hardly be called a bug.


Bye,
        Peter
-- 
Peter Conrad
Tivano Software GmbH
Bahnhofstr. 18
63263 Neu-Isenburg
Tel: 06102 / 8099070
Fax: 06102 / 8099071
HRB 11680, AG Offenbach/Main
Geschäftsführer: Martin Apel

References:
- Simple Mail Server - SMTP Authentication Bypass Vulnerability
  - From: demonalex

Prev by Date: Is Your Online Bank Vulnerable To Currency Rounding Attacks?
Next by Date: [ MDVSA-2012:003 ] apache
Previous by thread: Simple Mail Server - SMTP Authentication Bypass Vulnerability
Next by thread: AppSec DC 2012 CFP EXTENDED!
Index(es):
- Date
- Thread