Title: Cobalt Raq3 PopRelayD Arbitrary SMTP Relay Vulnerability
Severity: MODERATE
Description:
poprelayd is a script that parses /var/log/maillog for valid pop logins, and based upon the login of a client, allows the person logged into the pop3 service to also send email from the ip address they're accessing the system with.
A problem with the poprelayd script allows users to arbitrarily relay SMTP, which could lead to spamming.
The problem is due to the method in which the poprelayd script identifies users authorized to relay SMTP. The script parses /var/log/maillog for a string matching the following regular expression:
/POP login by user \"[\-\_\w]+\" at \(.+\) ([0-9]\.]+)/)
However, sendmail also logs to this file. A user may connect to the SMTP port, and create a malicious string that the sendmail server will log to /var/log/maillog, thus allowing the remote user to relay mail through the system.
Affected Products:
- Cobalt RaQ 3.0.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
