[AMaViS-user] FW: Exploiting Google MX servers as Open SMTP Relays

Michael Scheidell

May 10, 2008, 12:03:49 PM
fyi: post in bugtraq. You may wish to look for and remove any whitelists
based on google, googlegroups, or gmail accounts until google fixes this.

-- 

Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer

------ Forwarded Message
> From: <pablo....@upr.edu>
> Date: 7 May 2008 20:37:46 -0000
> To: <bug...@securityfocus.com>
> Subject: Exploiting Google MX servers as Open SMTP Relays
>
> Vulnerability Report:
>
> As part of our recent work on the trust hierarchy that exists among email
> providers throughout the Internet, we have uncovered a serious security flaw
> in Google's free email service, Gmail. This vulnerability exposes Google's
> email servers in a way that allows an attacker to use them as open spam and
> phishing relays. This issue is related to the risk of a malicious user abusing
> Gmail's email forwarding functionality. This is possible because Gmail's email
> forwarding functionality does not impose proper security restrictions during
> its setup process and can be easily subverted. By exploiting this problem an
> attacker can send unlimited spam and phishing (i.e. forged) email messages
> that are delivered by Google's very own SMTP servers. Since the messages are
> delivered by Google's own servers, an attack based on this flaw is able to
> bypass all spam filters that are based on the blacklist / whitelist concept.
> We were able to confirm that this vulnerability is indeed exploitable by
> crafting a proof of concept attack that allowed us to send any number of
> forged email messages without restriction through Google's server
> infrastructure. We have also verified that this flaw allows attackers to
> bypass spam filters by using our method to send messages that are usually
> flagged as spam. While sending these messages directly from our network in the
> traditional way had the messages classified as spam, by sending the very same
> messages using our exploit, the messages were delivered directly to the
> victim's inbox, thus bypassing filters.
>
> Impact:
>
> All email providers that offer Google's SMTP servers any special level of
> trust (e.g. whitelist status) are vulnerable.
>
> Disclosure:
> We have contacted Google about this issue and are waiting for their position
> before releasing further details.
>
> For more information, visit our homepage:
> http://ece.uprm.edu/~andre/insert
>
> Regards,
>
> Pablo Ximenes, André dos Santos
>
> INSERT - Information Security Research Team
> University of PR at Mayaguez (UPRM), USA
> State University of Ceará (UECE), Brazil
>
> pablo....@upr.edu, an...@dossantos.org
>

------ End of Forwarded Message

_______________________________________________
AMaViS-user mailing list
AMaVi...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
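
One way to carry out the whitelist review suggested at the top of this message, as an added example that is not part of the original post or of the AMaViS/SpamAssassin projects: a Python script that lists SpamAssassin whitelist directives covering the Google sender domains the post names. The sample configuration is constructed, and the directive selection and the three domain names are assumptions taken from the post's wording.

```python
import re

# Sender domains named in the post (google, googlegroups, gmail accounts).
GOOGLE_DOMAINS = ("gmail.com", "google.com", "googlegroups.com")
# SpamAssassin directives whose arguments are sender-address globs.
ADDR_ONLY = {"whitelist_from", "whitelist_auth", "def_whitelist_auth",
             "whitelist_from_spf", "def_whitelist_from_spf"}
# Directives taking one sender glob, then a relay or signing domain.
ADDR_PLUS_DOMAIN = {"whitelist_from_rcvd", "def_whitelist_from_rcvd",
                    "whitelist_from_dkim", "def_whitelist_from_dkim"}
# Constructed sample configuration, not taken from any real system.
SAMPLE = """\
# constructed sample local.cf
whitelist_from *@gmail.com partner@example.org
whitelist_from_rcvd *@example.net google.com
def_whitelist_from_rcvd *@*.google.com google.com
whitelist_from billing@example.com
whitelist_auth news@googlegroups.com
blacklist_from *@gmail.com.example
"""

def glob_re(glob):
    """Compile a SpamAssassin-style glob ('*' and '?' only) to a regex."""
    body = re.escape(glob.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(body + r"\Z")

def covers_google(addr_glob):
    """True if the glob can match a sender at a Google domain or subdomain."""
    rx = glob_re(addr_glob.rsplit("@", 1)[-1])
    prefix = "" if "@" in addr_glob else "user@"
    return any(rx.match(prefix + h) for d in GOOGLE_DOMAINS for h in (d, "sub." + d))

def audit(config_text):
    """Return (line_number, line) for whitelist entries that trust Google."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        name, args = (tokens[0].lower(), tokens[1:]) if tokens else ("", [])
        hit = False
        if name in ADDR_ONLY:
            hit = any(covers_google(a) for a in args)
        elif name in ADDR_PLUS_DOMAIN and args:
            relay = args[1].lower() if len(args) > 1 else ""
            hit = covers_google(args[0]) or any(
                relay == d or relay.endswith("." + d) for d in GOOGLE_DOMAINS)
        if hit:
            findings.append((n, raw.strip()))
    return findings

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Catch-all globs such as `*@*` are reported too, since they also extend whitelist trust to mail relayed by Google's servers.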