eGroup.mailing.lists.txt

`Date: Sat, 24 Apr 1999 08:59:19 +0300  
From: Philip Stoev <[email protected]>  
To: [email protected]  
Subject: eGROUPS security flaw  
  
eGROUPS (wwww.egroups.com) is a web site providing mailing list services.  
The mailing lists (aka groups) can be moderated, and the moderator can  
approve/revoke posted messages by sending blank emails to certain addresses  
in the egroups system. This makes it trivial for anyone to approve a  
message without being a moderator.  
  
1. Take a look at the header of some previous message sent to the group.  
Extract the following header line:  
  
Return-Path: <[email protected]>  
  
the number XXX here is a sequence number assigned to each message sent to  
the group.  
  
2. Send the message you want to send to the list. The message will be sent  
to the moderator for approval.  
  
3. Send 256 blank messages to addresses like:  
  
[email protected]  
  
Where  
ZZ is a hexadecimal number from 00 to FF.  
YYY is XXX + 1;  
  
The presence of the ZZ number appears to be an attempt to put some security  
into the entire system. However, this number is constant for each group and  
does not change in time. Once guessed, subsequent messages can be approved  
with a single email.  
  
Your message will appear as if approved by the moderator and will be  
distributed to the group. No header spoofing is necessary, because the  
eGROUPS system does not check the source address of the incoming messages.  
  
eGROUPS was notified exactly one week ago.  
  
Philip Stoev  
  
-Prepare for SAT & TOEFL at http://studywiz.hypermart.net  
=This message was sent by Philip Stoev ([email protected])  
=tel: (359 2) 715949, ICQ: 23465869  
  
`