spamdyke smtp_filter() security bypass
spamdyke-smtpfilter-security-bypass (42658)
Description:
spamdyke could allow a remote attacker to bypass security restrictions because the smtp_filter() function does not properly restrict the DATA command. By sending DATA commands in a specific sequence, a remote attacker could exploit this vulnerability to bypass security restrictions and use spamdyke as an open mail relay.
*CVSS:
| Base Score: | 7.5 |
| Access Vector: | Network |
| Access Complexity: | Low |
| Authentication: | None |
| Confidentiality Impact: | Partial |
| Integrity Impact: | Partial |
| Availability Impact: | Partial |
| Temporal Score: | 5.5 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Bypass Security
Remedy:
Upgrade to the latest version of spamdyke (3.1.8 or later), available from the spamdyke Web site. See References.
References:
- spamdyke Changelog: VERSION 3.1.8 -- 5/21/2008.
- spamdyke Web site: spamdyke: A drop-in connection-time spam filter for qmail.
- CVE-2008-2784: The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.
- SA30408: spamdyke "smtp_filter()" DATA Command Relay Vulnerability
- VUPEN/ADV-2008-1684: spamdyke smtp_filter() DATA Command Open Relay Vulnerability
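The command ordering in the CVE-2008-2784 entry above (RCPT commands arriving after a DATA command that did not start a message) can be looked for in recorded SMTP sessions. The following is an added example, not spamdyke code and not part of the original advisory; the transcript format, the sample sessions and the function names are constructed assumptions.

```python
import re

# Constructed transcript (assumed format): "C:" client command, "S:" server reply.
# Only SMTP commands appear here, never message body lines.
SUSPECT = """\
C: MAIL FROM:<sender@example.org>
S: 250 ok
C: RCPT TO:<nobody@invalid.example>
S: 554 recipient rejected
C: DATA
S: 554 no valid recipients
C: RCPT TO:<someone@elsewhere.example>
S: 250 ok
C: DATA
S: 354 go ahead
"""
NORMAL = """\
C: MAIL FROM:<sender@example.org>
S: 250 ok
C: RCPT TO:<user@local.example>
S: 250 ok
C: DATA
S: 354 go ahead
"""

def parse(transcript):
    """Pair each client command with the code of the first reply after it."""
    pairs, pending = [], None
    for raw in transcript.splitlines():
        side, _, text = raw.partition(":")
        text = text.strip()
        if side == "C" and text:
            pending = text
        elif side == "S" and pending:
            m = re.match(r"\d{3}", text)
            pairs.append((pending, int(m.group()) if m else 0))
            pending = None
    return pairs

def rcpt_after_rejected_data(transcript):
    """Return RCPT commands sent after a DATA the server refused (no 354)."""
    findings, data_rejected = [], False
    for command, code in parse(transcript):
        verb = command.split()[0].upper()
        if verb in ("MAIL", "RSET", "HELO", "EHLO"):
            data_rejected = False          # a new transaction starts clean
        elif verb == "DATA":
            data_rejected = code != 354    # 354 means the body was accepted
        elif verb == "RCPT" and data_rejected:
            findings.append({"command": command, "accepted": 200 <= code < 300})
    return findings
```

A finding with "accepted" set on a host running spamdyke before 3.1.8 is worth checking against the host's relay policy; the ordering alone is a heuristic, not proof of relaying.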
Platforms Affected:
- Sam Clippinger spamdyke 3.0.0
- Sam Clippinger spamdyke 3.0.1
- Sam Clippinger spamdyke 3.1.0
- Sam Clippinger spamdyke 3.1.1
- Sam Clippinger spamdyke 3.1.2
- Sam Clippinger spamdyke 3.1.3
- Sam Clippinger spamdyke 3.1.4
- Sam Clippinger spamdyke 3.1.5
- Sam Clippinger spamdyke 3.1.6
- Sam Clippinger spamdyke 3.1.7
Reported:
May 21, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
