Package: imp4
Version: 4.1.3-4
Severity: grave
Tags: security
Justification: user security hole

Imp4 allows spammers to inject email through it without login. This is an example:

80.30.19.50 - - [11/Aug/2008:19:26:31 -0400] "GET /imp/expand.php HTTP/1.1" 200 243 "http://mail.domain.tld/imp/compose.php?thismailbox=INBOX&uniq=1218497650159" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322;.NET CLR 2.0.50727)"

80.30.19.50 - - [11/Aug/2008:19:31:13 -0400] "GET /imp/expand.php?actionID=expand_addresses&field_name=bcc&field_value=-shayna-maydle-%40excite.com%2C%2005%40hotmail.com%2C%20100.218017%40germanynet.de%2C%2012645%40msn.com%2C%201633%40hotmail.com%2C%201964%40yahoo.com%2C%201%401.com%2C%201I%40HOTMAIL.COM%2C%201ofthegoodguys%40go.com%2C%201wmrnhbus%40treddmd.com%2C%20202-0549%40mcimail.com%2C%2025%40earthlink.net%2C%2025%40yahoo.com%2C%202manyids%40corvettefun.com%2C%2031299%40yahoo.com%2C%20373%40hotmail.com%2C%2039ya7%40rocketmail.com%2C%203par%40msn.com%2C%2041392%4041392.br%2C%204kerrs%40cableregina.com%2C%20514alsoo%40alatavissta.com%2C%20517%40yahoo.com%2C%205402%40student-mail.jsu.edu%2C%2078019%40udel.edu%2C%207m%40work.com%2C%208adgihf%40maill.com%2C%208gk%40aquaed.de%2C%208rlkges%40usaa.com%2C%209loucke%40fontbonne.edu%2C%20ANNBRUCE%40SCCOAST.NET%2C%20AT..toyotaregister%40hotmail.com%2C%20Amanda090%40webtv.co%2C%20BASkeen27%40aol.com%2C%20BSGReunion58%40aol.com%2C%20BThomas688%40aol.com%2C%20Bama%40yahoo.com%2C%20Bckboys3%40aol.com%2C%20Beans%40aol.com%2C%20Benjstr%40prodigy.net%2C%20BethGerace%40aol.com%2C%20Bhand%40aol.com%2C%20Budda216%40aol.com%2C%20CBRAD1546%40AOL.COM%2C%20CDCA%40WANADOO.FR%2C%20CJM1993%40aol.com%2C%20CPANOT%40AOL.COM%2C%20CUDAGRL040872%40YAHOO.COM%2C%20DC1000%40AOL.COM%2C%20DGUMBITA%40STARPOWER.NET%2C%20Darksaber76%40hotmail.com%2C%20Datkison%40yahoo.com%2C%20Discolady1349%40cs.com%2C%20EDMR2%40WEBTV.NET%2C%20Esgstone37%40aol.Com%2C%20GARYOLSEN%40AOL.COM%2C%20GSLATER%40IPA.NET%2C%20GSRcivic7%40hotmail.com%2C%20GaMaCBaker%40cs.comWent%2C%20GoLela%40aol.com%2C%20Gsmall1835%40aol.com%2C%20HOTSUSIE%40VERIZON.NET%2C%20Hecsr5%40hotmail.com%2C%20Hermelindoperez%40msn.com%2C%20HlthSolutn%40aol.com%2C%20HolJL%40aol.com%2C%20Hotheat100%40aol.com%2C%20Hovindfam%40aol.com%2C%20JAMMYDODGERS2000%40HOTMAIL.COM%2C%20JEDRN67%40aol.com%2C%20JMRIVERA0469%40BELLSOUTH.NET%2C%20JPYTHON%40WEBTV.NET%2C%20JWeiner576%40aol.com%2C%20Jabbajar%40yahoo.com%2C%20Jadim274%40aol.com%2C%20JaysAccounts%40yahoo.com%2C%20John.p.sousa%40citigroup.com%2C%20JohnanaSyl%40pronet.ne HTTP/1.1" 200 1106 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

So I cannot block expand.php, because it is used by the users that log into the system to send email... but besides, the spammers are abusing the system. Does anyone else have this problem?

Regards.
Michael.-

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
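
A log triage sketch for the request pattern in the report, added here as an example and not part of the original message or of IMP: it parses Apache combined-format lines and flags `expand.php?actionID=expand_addresses` requests that carry a large address list or no Referer. The threshold, the Referer heuristic and the sample lines are assumptions made for this example; the access log alone does not show whether a request was authenticated.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Apache "combined" log format, the format of the excerpts in the report.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
MAX_RECIPIENTS = 10  # assumed threshold, tune to what local users really send


def inspect(line):
    """Return a finding for a suspicious expand_addresses request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    query = parse_qs(url.query)
    if not url.path.endswith("/expand.php") or query.get("actionID") != ["expand_addresses"]:
        return None
    value = query.get("field_value", [""])[0]  # parse_qs has already URL-decoded it
    recipients = [a for a in (p.strip() for p in value.split(",")) if "@" in a]
    no_referer = m["referer"] in ("", "-")
    # Heuristic (assumption): large address lists, or no compose.php referer.
    if len(recipients) <= MAX_RECIPIENTS and not no_referer:
        return None
    return {"ip": m["ip"], "time": m["ts"], "field": query.get("field_name", [""])[0],
            "recipients": len(recipients), "no_referer": no_referer}


# Constructed sample lines (documentation IPs and example.org addresses).
_bulk = quote(", ".join(f"user{i}@example.org" for i in range(12)), safe="")
SAMPLE = [
    '192.0.2.10 - - [11/Aug/2008:19:26:31 -0400] "GET /imp/expand.php HTTP/1.1" 200 243 '
    '"http://mail.example.org/imp/compose.php" "Mozilla/4.0 (constructed)"',
    '192.0.2.10 - - [11/Aug/2008:19:31:13 -0400] "GET /imp/expand.php?actionID='
    f'expand_addresses&field_name=bcc&field_value={_bulk} HTTP/1.1" 200 1106 "-" '
    '"Mozilla/4.0 (constructed)"',
    '192.0.2.20 - - [11/Aug/2008:19:40:02 -0400] "GET /imp/expand.php?actionID='
    'expand_addresses&field_name=to&field_value=alice%40example.org HTTP/1.1" 200 310 '
    '"http://mail.example.org/imp/compose.php" "Mozilla/4.0 (constructed)"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        finding = inspect(entry)
        if finding:
            print(finding)
```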