[NEWS] HTML Form Protocol Attack
From: support@securiteam.comDate: 08/19/01
- Previous message: support@securiteam.com: "[TOOL] Windows 9x Password List File (.PWL) Decoder"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [NEWS] HTML Form Protocol Attack Message-Id: <20010819152112.BC0DB138BF@mail.der-keiler.de> Date: Sun, 19 Aug 2001 17:21:12 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
HTML Form Protocol Attack
------------------------------------------------------------------------
SUMMARY
Some HTML browsers can be tricked, using HTML forms, into sending
arbitrary data to any TCP port. This can be used to send commands to
servers using ASCII based protocols like SMTP, NNTP, POP3, IMAP, IRC, and
probably others. By sending HTML email to unsuspecting users or using a
special HTML page, an attacker might be able to send mail or post Usenet
News through servers normally not accessible to him. In special cases, an
attacker might be able to do other harm, e.g. deleting mail from a POP3
mailbox.
DETAILS
Vulnerable systems:
Netscape version 4.77 (Linux) allows access to non-privileged ports, but
restricts access to privileged ports. This can be bypassed by issuing port
number above 65535 (accessing port 65535+21 = 65556, will cause it to
access port 21 instead of 65556)
Netscape version 6.0/6.01
Netscape version 6.1 - only allows access to non-privileged ports
Opera version 5 (Linux)
Internet Explorer version 5.50.4522.1800
Lynx (Linux)
Mozilla version 0.9.1
The full explanation of this exploit can be found at:
<http://www.remote.org/jochen/sec/hfpa/index.html>
http://www.remote.org/jochen/sec/hfpa/index.html
ADDITIONAL INFORMATION
The information has been provided by <mailto:jochen@remote.org> Jochen
Topf, <mailto:brs@ben-tech.com> Bennett Samowich, and
<mailto:bgrg2@cam.ac.uk> Barnaby Gray, .
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[TOOL] Windows 9x Password List File (.PWL) Decoder"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
