Parallels Plesk Shortnames Open Email Relay Vulnerability

Bugtraq ID:	30956
Class:	Access Validation Error
CVE:	CVE-2008-6984
Remote:	Yes
Local:	No
Published:	Sep 01 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Felix Buenemann
Vulnerable:	Parallels Plesk 8.6
Not Vulnerable:

Parallels Plesk Shortnames Open Email Relay Vulnerability

Parallels Plesk is prone to an open-email-relay vulnerability because it fails to properly restrict login authentication in certain circumstances.

An attacker could exploit this issue by constructing a script that would send unsolicited spam to an unrestricted amount of email addresses from a forged email address.

Parallels Plesk 8.6.0 is vulnerable; other versions may also be affected.

Parallels Plesk Shortnames Open Email Relay Vulnerability

Attackers may exploit this issue by using readily available network utilities.

Parallels Plesk Shortnames Open Email Relay Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Parallels Plesk Shortnames Open Email Relay Vulnerability

References:

• Plesk Homepage (Parallels)
  
• Plesk 8.6.0 authentication flaw allows to gain virtual user priviledges (Felix Buenemann )