[NEWS] AutoResponder Allows Spamming
From: support@securiteam.comDate: 01/16/02
- Previous message: support@securiteam.com: "[NEWS] Legato NetWorker Log File Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Wed, 16 Jan 2002 23:22:07 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
AutoResponder Allows Spamming
------------------------------------------------------------------------
SUMMARY
<http://meepzor.com/packages/autoresponder/r> AutoResponder - An Email
Answering Script, contains a security vulnerability that allows spammers
to use the program to spam 3rd parties.
DETAILS
The AutoResponder program could be tricked by spammers to send unsolicited
mail to arbitrary addresses if the option to 'reply with copy of the
original message attached to response' is enabled in AutoResponder's
configuration. Further, the program does not have any sort of restriction
on the number of responses to one email address during any one period.
In fact, if reply with copy of original message is enabled, the spam
message will be sent with 'From:' or 'Reply to:' being the victim's
address.
In addition, it is possible to trick AutoResponder to abuse victim's email
address by sending large number of messages to address with AutoResponder
enabled on it, since there is no limit on number of messages delivered to
single mailbox during some period of time.
ADDITIONAL INFORMATION
The information has been provided by <mailto:info@compulabs.dhs.org>
Alexander Moloksher and <mailto:Ken.Coar@Golux.Com> Rodent of Unusual
Size.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NEWS] Legato NetWorker Log File Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [UNIX] Daydream BBS Format String Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... product allows attackers to exploit
a format string vulnerability in the ... This bulletin is sent to members of the
SecuriTeam mailing list. ... In no event shall we be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam) - [NEWS] L-Forum SQL Injection Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... arbitrary SQL commands
by injecting them through user provided data. ... This bulletin is sent to members of the
SecuriTeam mailing list. ... In no event shall we be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam) - [NT] Buffer Overrun in Talentsofts Web+
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... system service, any arbitrary
code executed on the server would run in the ... The information in this bulletin is provided
"AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam) - [UNIX] PHP Source Injection in osCommerce
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Would result in a directory
listing of the current dierctory ... The information in this bulletin is provided "AS
IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam) - [NT] Kunani FTP Server Vulnerable to a Directory Traversal Attack
... Beyond Security would like to welcome Tiscali World Online ... Kunani FTP
Server is a free Windows based FTP Server, ... The information in this bulletin is
provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages
whatsoever including direct, indirect, incidental, consequential, loss of business profits or special
damages. ... (Securiteam)
