Re: ServU FTP Service (Win32) is able to relay email

From: Hal Flynn (flynnat_private)
Date: Thu Jul 10 2003 - 08:01:46 PDT

Next message: theblacksheep: "PHP-Include-Hack-Possibility in phpforum 2 RC-1"

Previous message: Gregory LEBRAS: "[SCSA-019] Gattaca Server 2003 Vulnerable to Multiple vulnerabilities"
Next in thread: Nick FitzGerald: "Re: ServU FTP Service (Win32) is able to relay email"
Reply: Nick FitzGerald: "Re: ServU FTP Service (Win32) is able to relay email"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> ServU FTP Server for Win32 has a Bug that makes it possible to relay
> email messages anonymously. As described in the RFC documents for FTP
> (959, 1579, 2228) its not recommendet for the service to accept PORT
> commands containing target ports above 1024/tcp. Example:

Nice.  I'd like to point out that this isn't a new issue per se, but
instead a rehash of something discovered by Hobbit, and described in
Bugtraq ID 126:

http://www.securityfocus.com/bid/126

On another note, in two days, this vuln will be eight years old.  I
suppose this is an early birthday present.

Cheers,

Hal Flynn
Symantec Corp.
http://www.securityfocus.com/unix

Next message: theblacksheep: "PHP-Include-Hack-Possibility in phpforum 2 RC-1"
Previous message: Gregory LEBRAS: "[SCSA-019] Gattaca Server 2003 Vulnerable to Multiple vulnerabilities"
Next in thread: Nick FitzGerald: "Re: ServU FTP Service (Win32) is able to relay email"
Reply: Nick FitzGerald: "Re: ServU FTP Service (Win32) is able to relay email"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 10 2003 - 14:06:08 PDT