Unsubscribe DoS

From: Frank Knobbe (frank@knobbe.us)
Date: 12/19/02

    From: Frank Knobbe <frank@knobbe.us>
    To: vuln-dev@securityfocus.com
    Date: 18 Dec 2002 23:35:18 -0600


    Greetings,

    while reviewing postmasters email for a mail system we manage, I came
    across an email from some list/spam server that offers an unsubscribe
    URL. This was a bounced email for a user that no longer has a mail box
    on the systems. So I just opened the browser and unsubscribed the user
    to avoid any further bounces.

    Nice feature I thought..... and then I started to take a look at the URL
    [1]. Obviously we have the subscriber ID (email recipient), the customer
    ID (the client of the list/spam server), and the campaign ID (to
    identify the mailing itself).

    The risk is that someone could just enter any subscriber ID and unsubscribe someone else.

    That made me wonder how widespread the problem is. Are there any
    pointers or references to list/spam server opt-in/opt-out systems that
    are prone to automated attacks, such as a for-loop posting http pages?

    Regards,
    Frank

    [1] http://mailiwant.com/unsubscribe.jsp?subid=123456&custid=12&campid=1234
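The weakness Frank points at is that the three identifiers in the URL are small sequential numbers, so nothing in the request proves the list server actually issued it. The following is an added example, not code from the post or from the list server it describes: a minimal model of the endpoint as described (any valid subid unsubscribes that subscriber), the for-loop sweep Frank mentions run against it, and a hardened variant that appends a hypothetical `tok` parameter holding an HMAC over subid, custid and campid keyed with a server-side secret. The subscriber table, the secret and the `tok` parameter name are all constructed for this example.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed secret for this example; a real list server would load it from
# configuration and rotate it, never embed it in code.
SERVER_KEY = b"example-list-server-secret"

BASE_URL = "http://mailiwant.com/unsubscribe.jsp"  # endpoint named in the post


def fresh_subscribers():
    """Constructed subscriber table keyed by the numeric subid seen in the URL."""
    return {
        123456: {"email": "alice@example.com", "subscribed": True},
        123457: {"email": "bob@example.com", "subscribed": True},
        123458: {"email": "carol@example.com", "subscribed": True},
    }


def _params(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def unsubscribe_weak(table, url):
    """The pattern in the post: a guessable subid alone authorizes the opt-out."""
    p = _params(url)
    try:
        subid = int(p["subid"])
    except (KeyError, ValueError):
        return False
    sub = table.get(subid)
    if sub is None:
        return False
    sub["subscribed"] = False
    return True


def make_token(subid, custid, campid):
    """HMAC over the three identifiers: a link is only valid if the server minted it."""
    msg = f"{subid}:{custid}:{campid}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def build_unsubscribe_url(subid, custid, campid):
    """What the list server would put in the outgoing mail (hypothetical 'tok' parameter)."""
    q = {"subid": subid, "custid": custid, "campid": campid,
         "tok": make_token(subid, custid, campid)}
    return BASE_URL + "?" + urlencode(q)


def unsubscribe_hardened(table, url):
    """Only a link whose token matches its identifiers is honoured."""
    p = _params(url)
    try:
        subid, custid, campid = int(p["subid"]), int(p["custid"]), int(p["campid"])
        tok = p["tok"]
    except (KeyError, ValueError):
        return False
    # Constant-time compare: a plain == would leak the token byte by byte.
    if not hmac.compare_digest(tok, make_token(subid, custid, campid)):
        return False
    sub = table.get(subid)
    if sub is None:
        return False
    sub["subscribed"] = False
    return True


def enumerate_attack(handler, table, custid, campid, id_range):
    """The for-loop Frank describes: one request per candidate subscriber id."""
    hits = 0
    for subid in id_range:
        url = f"{BASE_URL}?subid={subid}&custid={custid}&campid={campid}"
        if handler(table, url):
            hits += 1
    return hits


if __name__ == "__main__":
    weak = fresh_subscribers()
    print("weak endpoint, ids 123450..123460:",
          enumerate_attack(unsubscribe_weak, weak, 12, 1234, range(123450, 123461)))
    strong = fresh_subscribers()
    print("hardened endpoint, same sweep:",
          enumerate_attack(unsubscribe_hardened, strong, 12, 1234, range(123450, 123461)))
    print("legitimate link still works:",
          unsubscribe_hardened(strong, build_unsubscribe_url(123456, 12, 1234)))
```

Against the weak handler the sweep silently opts out every subscriber whose id falls in the range; against the hardened one it gets nothing, and editing the subid inside a genuine link also fails because the token no longer matches. The token only proves the server issued the link; anyone who holds a real one (the postmaster reading a bounce, as in the post) can still use it, so a confirmation step would be the next layer if that matters.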
