Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

MailSweeper for SMTP Security Problem
From: Russ Hayward <bug () EUNOS DEMON CO UK>
Date: Tue, 27 Mar 2001 07:14:45 +0100
There appears to be vulnerability with Mail Sweeper for SMTP email by
Content Technologies.
(Tested on Version 4.19, others may be vulnerable)

My test system is -

    Windows NT 4 Service Pack 5
    MailSweeper for SMTP version 4.1.9

I have two separate incoming and outgoing policies scenarios, I trust (!) my
users and allow all
internal users to send what they like (no restrictions) but restrict
incoming emails with
virus checks, text analysis, exe file checks etc.. etc..

The Incoming scenario applies to this address list * () * --> * () mydomain com
and the Outgoing Scenario applies to * () mydomain com --> * () *

The SMTP relay restrictions ensure that only mail destined for the local
domain are forwarded.

The problem occurs when an attacker spoofs an email so the sender appears to
be a user within my
domain i.e. JoeBloggs () mydomain com and the recipient is the intended victim
i.e. user () mydomain com

MailSweeper will apply the OUTGOING scenario (i.e. nothing) and forwards the
mail internally to the
intended victim. This email could contain any content.

I notified Content Technologies on the 03/03/2001 and have received no
response.

Regards

Russ Hayward

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]