SecurityTracker.com
Category:   Application (E-mail Server)  >   Sambar Server
Vendors:   Sambar Technologies
Sambar Server's SMTP Mail Server May Allow Remote Users to Relay Mail Through the Server
SecurityTracker Alert ID:  1002037
SecurityTracker URL:  http://securitytracker.com/id/1002037
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 18 2001
Impact:   Host/resource access via network
Vendor Confirmed:  Yes  
Version(s): prior to 5.0 beta 6
Description:   A vulnerability was reported in the Sambar Server's mail server that allows remote users to use the server as an open mail relay.

The vendor reports that there is a vulnerability in the mail server that allows the SMTP server to act as an open relay if the "Restrict Relay IPs" configuration parameter is set.

The vendor notes that this parameter may not be necessary if either the "Restrict Relay = true" or "Require AUTH = true" parameters are set.

Impact:   A remote user can relay email via the Sambar server to other mail servers.
Solution:   The vendor is reportedly working on a fix for the pending 5.0 beta 6 release.
Vendor URL:  www.sambar.com/
Cause:   State error
Underlying OS:   Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   None.


 Source Message Contents

Date:  Wed, 18 Jul 2001 12:10:50 -0400
Subject:  Sambar Server Vulnerability


Mail Server Security Alert 

There is a bug in the mail server that results in the SMTP server acting
as an open relay if the Restrict Relay IPs configuration parameter is
set. With either the Restrict Relay = true or Require AUTH = true
parameters, the Restrict Relay IPs is likely unnecessary. A bug fix is
being tested and will be released with the 5.0 beta 6 release in the
near future. 

WWW Server Security Alert 

All versions of the Sambar WWW Server are vulnerable to an SSI bug that
allows users to use the "#include file" functionality to display the
contents of files outside the Documents Directory. This exploit can only
be used by users that have access to upload .shtml files to the server.
This bug will be fixed in the 5.0 Beta 6 release and has been fixed in
the 5.0 Beta 6 preview patch (currently available). 

All versions of the Sambar WWW Server with the exception of 5.0 beta 5
and later releases have a security vulnerability associated with the
pagecount sample code. Please immediately comment out the following line
in your config.ini and restart your server (or upgrade to 5.0 beta 5): 

     INIT = samples.dll:general_init 

This will disable the pagecount RPC/scalar. A patch for this bug will be
released during the week of 6/20. 

The 4.2 and 4.3 production releases contain a vulnerability in the
netutils sample code shipped with the server. A buffer-overrun exploit
can be used against the "finger" RPC. A fix for this bug is being
prepared and should be available the week of 6/12/2000. In the meantime,
you should modify your config.ini and comment out the line: INIT =
samples.dll:netutils_init. This will disable the network utility samples
and remove this exploit. 

In addition, a security hole has been found in the 4.3 production
release that can allow .htm and .html files in a directory secured by
.htaccess constraints to be accessed via browser. To exploit this hole,
a user must know the file name in the secured directory. This hole can
be secured by using the security.ini file to secure the directory and/or
by renaming any .htm or .html files in the .htaccess secured directory
to .stm. The 4.4 beta 1 release includes a fix for this vulnerability.
Many thanks to Melvyn Sopacua and James Wright for bringing this bug to
my attention.
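
The following is an added example, not part of the vendor message or of Sambar's own tooling: a small audit that reads a config.ini and reports whether the two sample INIT lines the message says to comment out are still active, and whether Restrict Relay IPs is set. It assumes `key = value` lines with the parameter names spelled as in the message and `#` or `;` as comment markers; the section names and values in the sample are constructed.

```python
import re

# INIT entries the advisory says to comment out (values taken from the page).
RISKY_INIT = {"samples.dll:general_init", "samples.dll:netutils_init"}
# Assumption: lines starting with '#' or ';' are comments in config.ini.
COMMENT_PREFIXES = ("#", ";")
KEY_VALUE = re.compile(r"^([^=]+?)\s*=\s*(.*)$")

# Constructed sample; section names and the IP value are illustrative only.
SAMPLE_CONFIG = """\
[common]
INIT = samples.dll:general_init
# INIT = samples.dll:netutils_init
[mail]
Restrict Relay = true
Restrict Relay IPs = 192.0.2.10
"""


def active_settings(text):
    """Yield (key, value, line_number) for each uncommented key = value line."""
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith(COMMENT_PREFIXES + ("[",)):
            continue
        match = KEY_VALUE.match(stripped)
        if match:
            yield match.group(1), match.group(2), number


def audit(text):
    """Return findings for the settings named in the vendor message."""
    findings, values = [], {}
    for key, value, number in active_settings(text):
        if key.upper() == "INIT" and value.lower() in RISKY_INIT:
            findings.append(f"line {number}: INIT = {value} is active; comment it out")
        values[key.lower()] = value
    # A set "Restrict Relay IPs" is the condition the vendor ties to the open relay.
    if values.get("restrict relay ips"):
        alt = any(values.get(k, "").lower() == "true"
                  for k in ("restrict relay", "require auth"))
        note = ("Restrict Relay or Require AUTH is true" if alt
                else "neither Restrict Relay nor Require AUTH is true")
        findings.append(f"Restrict Relay IPs is set (open-relay condition); {note}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
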



Copyright 2012, SecurityGlobal.net LLC