SquirrelMail Imap/smtp Injection

SquirrelMail Imap/smtp Injection

offline
  • SVITAC 
  • Legendarni građanin
  • Pridružio: 28 Apr 2003
  • Poruke: 5919
  • Gde živiš: Beograd

SquirrelMail IMAP/SMTP Injection
Published 20:05:53 08.03.2006

Citat:SquirrelMail is "a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation". A vulnerability within SquirrelMail allows authenticated remote attackers to inject arbitrary IMAP/SMTP commands into the SquirrelMail's mail server's connection stream.

Credit:
The information has been provided by Vicente Aguilera Diaz.

Vulnerable Systems:
* IMAP Injection: All versions prior to 1.4.6
* SMTP Injection: SquirrelMail version 1.2.7

Improper command and information validation transmitted by SquirrelMail to the mail servers during the normal use of this application (mailbox management, e-mail reading and sending, etc.) facilitates that an authenticate malicious user could inject arbitrary IMAP/SMTP commands into the mail servers used by SquirrelMail across parameters used by the webmail front-end in its communication with these mail servers.

This is become dangerous because the injection of these commands allows an intruder to evade restrictions imposed at application level, and exploit vulnerabilities that could exist in the mail servers through IMAP/SMTP commands.

Impact:
The IMAP/SMTP command injection allow relay, SPAM, exploit IMAP and SMTP vulnerabilities in the mail servers and evade all the restrictions at the application layer.

Solution:
Replace r and n from $mailbox in the function sqimap_mailbox_select.

Zakrpa: www.squirrelmail.org/security/issue/2006-02-15

Dopuna: 11 Mar 2006 18:54

više informacija, proof of concept, example:

astalavista.org



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
Ko je trenutno na forumu
 

Ukupno su 560 korisnika na forumu :: 19 registrovanih, 2 sakrivenih i 539 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, aleksmajstor, Andrija357, ArmyBoss, Bane san, Battlehammer, hyla, komkom, Krusarac, mean_machine, Misirac, mnn2, Panter, raskoljnikov, vasa.93, Vlada1389, Vlada78, Yellow Pinky, 223223