| VID |
18036 |
| Severity |
30 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The SMTP server is vulnerable to a mail redirection attack.
This 'redirection' attack is caused by a Sendmail strange address parsing policy.
If an address ends with a local host name, Sendmail trims it and parses it as any other. That is, if a mail is sent to : user@hostname@victim. Then the remote SMTP server (victim) will happily send the mail to : user@hostname.
By using an address that ends with a local host name, an attacker may route a message through your firewall, in order to exploit other SMTP servers that can not be reached from the outside.
* Note: This check item may be a "False Positive", since some SMTP servers like postfix will not complain but drop messages used by this check item.
* References:
http://www.iss.net/security_center/static/3477.php
http://online.securityfocus.com/archive/1/11556 |
| Recommendation |
Insert the following line into /etc/sendmail.cf at the top of 'ruleset 98'.
R$*@$*@$* $#error $@ 5.7.1 $: "551 Sorry, no redirections." |
| Related URL |
CVE-1999-0393 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
