B21Soft BASP21 BSMTP.DLL CRLF Injection Vulnerability

Bugtraq ID:	23134
Class:	Input Validation Error
CVE:	CVE-2007-1713
Remote:	Yes
Local:	No
Published:	Mar 26 2007 12:00AM
Updated:	Oct 26 2016 05:08AM
Credit:	Tomoki Sanaki is credited with the discovery of this issue.
Vulnerable:	B21Soft BASP21 Pro 1.0 B21Soft BASP21 1.0.702 .27
Not Vulnerable:	B21Soft BASP21 Pro 1.0.704.16 B21Soft BASP21 2.7.5.31

B21Soft BASP21 BSMTP.DLL CRLF Injection Vulnerability

BASP21 is prone to a CRLF-injection vulnerability.

Attackers may exploit this vulnerability to modify email headers and manipulate the structure of outgoing messages. This can allow the attacker to set the recipient to an arbitrary value and may facilitate sending spam and other unsolicited mail distribution. Other attacks are also possible.

B21Soft BASP21 BSMTP.DLL CRLF Injection Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

B21Soft BASP21 BSMTP.DLL CRLF Injection Vulnerability

Solution:
The vendor has released a fixed version of the affected function library. Please see the references for more information.


B21Soft BASP21 1.0.702 .27

• B21Soft Bsmtp20070303.lzh
  http://www.hi-ho.ne.jp/babaq/data/Bsmtp20070303.lzh

B21Soft BASP21 BSMTP.DLL CRLF Injection Vulnerability

References:

• Vendor Homepage (BASP21)
  
• JVN#70380788: BASP21 vulnerable to mail header injection (JPCERT)