Published: 2004-03-03 00:00:00
Last revised: 2017-07-10 21:29:14

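[Original] cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.

[CNNVD] MIT CGIEmail Arbitrary Recipient Mail Relay Vulnerability (CNNVD-200403-019)

        cgiemail contains a vulnerability. A remote attacker can use CRLF injection to insert encoded newline (%0a) characters into parameters such as "required-subject,". The vulnerability can be used to modify the CC, BCC, and other header fields in the email message.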

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

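- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources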
(UNKNOWN)  BUGTRAQ  20020614 Another cgiemail bug
(UNKNOWN)  BUGTRAQ  20031003 patch for vulnerability in cgiemail
(UNKNOWN)  XF  cgiemail-open-mail-relay(9361)

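- Vulnerability information

MIT CGIEmail Arbitrary Recipient Mail Relay Vulnerability
Medium risk  Input validation
2004-03-03 00:00:00 2005-10-20 00:00:00
        cgiemail contains a vulnerability. A remote attacker can use CRLF injection to insert encoded newline (%0a) characters into parameters such as "required-subject,". The vulnerability can be used to modify the CC, BCC, and other header fields in the email message.

- Advisories and patches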

        Debian has released advisory DSA 437-1 dealing with this issue:
        MIT cgiemail 1.6

- Vulnerability information

cgiemail Open E-Mail Relay
Remote / Network Access Authentication Management, Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

MIT cgiemail contains a flaw that allows a remote attacker to send e-mail without authentication. The issue is due to the program not asking for or requiring authentication credentials to send e-mail. If an attacker (or spammer) uses this, mail can be sent through the server and made to appear to come from the victim network.

- Timeline

2002-07-16 Unknown
2002-07-16 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, third parties have released a patch to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

MIT CGIEmail Arbitrary Recipient Mail Relay Vulnerability
Input Validation Error 5013
Yes No
2002-06-14 12:00:00 2009-07-11 01:56:00
Credited to sec <>.

- Affected program versions

MIT cgiemail 1.6

- Vulnerability discussion

A vulnerability has been reported for cgiemail that allows cgiemail to act as an open relay for email. The vulnerability is due to a failure to properly sanitize user-supplied values. In particular, the newline code "%0a" is not filtered properly.

As a result, a malicious user may trivially specify any email address, effectively using the script as an open mail relay.
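The fix for this class of flaw is to validate each form value after URL decoding and before it is written into a header line of the message. The following is an added example, not cgiemail's code or the third-party patch; `decode_header_field` is a hypothetical helper and the sample values are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper (not cgiemail code): URL-decode a raw form value and
 * accept it for a mail header line only if the DECODED bytes contain no
 * control characters. Returns the decoded length, or -1 to reject. */
int decode_header_field(const char *raw, char *out, size_t outsz)
{
    size_t n = 0;

    if (outsz == 0) return -1;
    while (*raw != '\0') {
        int c = (unsigned char)*raw++;
        if (c == '+') {
            c = ' ';
        } else if (c == '%') {
            int hi = hexval((unsigned char)raw[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)raw[1]);
            if (lo < 0)
                return -1;      /* malformed or truncated escape */
            c = hi * 16 + lo;
            raw += 2;
        }
        /* Check after decoding: %0a / %0d only become CR/LF at this point. */
        if (c < 0x20 || c == 0x7f)
            return -1;          /* CR, LF, NUL etc. would break the header */
        if (n + 1 >= outsz)
            return -1;          /* no room for this byte plus terminator */
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[64];               /* constructed sample values below */
    printf("%d\n", decode_header_field("Weekly+report", buf, sizeof buf));
    printf("%d\n", decode_header_field("Hi%0aBcc:%20x@example.invalid", buf, sizeof buf));
    return 0;
}
```

Rejecting the request outright is safer than stripping the offending bytes, since a stripped value can still merge attacker text into the intended header.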

- Exploit

There is no exploit code required.

- Solution

Debian has released advisory DSA 437-1 dealing with this issue:

MIT cgiemail 1.6

- Related references