Centrinity FirstClass Local User Mail Spoofing Vulnerability
Info
| Bugtraq ID: | 2423 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 21 2001 12:00AM |
| Updated: | Feb 21 2001 12:00AM |
| Credit: | This vulnerability was announced to Bugtraq by Mattias From <[email protected]> on February 21, 2001. |
| Vulnerable: | Centrinity FirstClass 5.50 |
| Not Vulnerable: | |
Discussion
FirstClass is a small to mid-range integrated software package designed to handle multiple message formats. It is distributed and maintained by Centrinity.
A problem with the package could allow for a social engineering attack. It is possible to connect remotely to the system on port 25 and send mail that appears to come from a local user such as the admin, by enclosing the name in angle brackets in the MAIL FROM: command, i.e. <ADMIN>. By doing so, a remote user may be able to trick users into performing actions that create an opportunity for attack on the network.
This problem makes it possible for a remote user to launch a social engineering attack. This problem is also present in other SMTP servers which allow remote users to connect and assume the identity of local users.
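The following sender-policy check is an added example, not part of the original advisory or of any FirstClass code. It shows how an SMTP front end could refuse the envelope form described above (a bare local name such as <ADMIN>) from unauthenticated clients while still accepting the null sender used for bounces. The domain `example.org`, the function names and the sample commands are assumptions constructed for illustration.

```python
import re

# RFC 5321 command form: MAIL FROM:<reverse-path> [parameters]
MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)

# Assumption: the domains this server is authoritative for.
LOCAL_DOMAINS = {"example.org"}


def check_mail_from(line, authenticated):
    """Return (accept, reason) for a single MAIL FROM command line."""
    m = MAIL_FROM.match(line.strip())
    if not m:
        return False, "malformed MAIL FROM"
    path = m.group(1)
    if path == "":
        # Null reverse-path is legitimate (delivery status notifications).
        return True, "null sender (bounce)"
    if authenticated:
        # Simplification: a full policy would also tie the sender
        # address to the authenticated account.
        return True, "authenticated session"
    _local, sep, domain = path.rpartition("@")
    if not sep:
        # The case from the advisory: <ADMIN> with no domain part.
        return False, "unqualified local name from unauthenticated client"
    if domain.lower() in LOCAL_DOMAINS:
        return False, "local domain claimed by unauthenticated client"
    return True, "external sender"


def audit(commands):
    """Return the (line, reason) pairs that the policy would reject."""
    rejected = []
    for line, authenticated in commands:
        accept, reason = check_mail_from(line, authenticated)
        if not accept:
            rejected.append((line, reason))
    return rejected


# Constructed sample commands: (command line, session authenticated?)
SAMPLE = [
    ("MAIL FROM:<ADMIN>", False),
    ("MAIL FROM:<>", False),
    ("MAIL FROM:<alice@remote.example>", False),
    ("mail from:<admin@EXAMPLE.ORG>", False),
    ("MAIL FROM:<ADMIN>", True),
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE):
        print(f"REJECT {line!r}: {reason}")
```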
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].