
This queue is for tickets about the SMTP-Server CPAN distribution.

Report information
The Basics
Id: 124765
Status: open
Priority: 0/
Queue: SMTP-Server

People
Owner: Nobody in particular
Requestors: hackyzh001 [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: smtp command injection
From: hackyzh001 [...] gmail.com
Proof of Concept:

    $to = '499671216@qq.com';
    # the "\n" in this value starts a second header line inside the From: field
    $from = "whitehat002\@hotmail.com\nSubject:'inject sucess'";

    $message = 'This message is sent with perl';

    open(MAIL, "|/usr/sbin/sendmail -t");
    print MAIL "To: $to\n";
    print MAIL "From: $from\n";
    print MAIL "Subject: $subject\n\n";
    print MAIL $message;

    close(MAIL);
    print "send sucess\n";

--------------------------------

Then I will receive an email:

    'inject sucess'
    From: whitehat002 <whitehat002@hotmail.com> (Sent by <hackyzh@hackyzh-virtual-machine>)
    Date: Tuesday, Mar 13, 2018 5:45 PM
    To: 道隐无名 <499671216@qq.com>

    This message is sent with perl

You could use CRLF inject command.
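The script above hands caller-supplied strings straight into the header block it pipes to `sendmail -t`, so a value containing a line break becomes an extra header; because `-t` also takes the recipient list from the headers, an injected `To:`/`Cc:`/`Bcc:` line adds recipients. The fix belongs in the calling code, not in perl or the mail library: validate every header value before it is written. The following is an added example and not part of the ticket or the SMTP-Server distribution; `check_header_value`, `build_message` and the sample addresses are assumptions constructed for illustration. It builds the message text and returns it without sending anything, rejecting the PoC-style `From` value while accepting a clean one.

```perl
#!/usr/bin/perl
# Added example (not from the ticket): validate header values before a
# message is handed to "sendmail -t" or Net::SMTP. Any value containing a
# CR or LF is rejected, so a caller cannot smuggle a second header line.
use strict;
use warnings;

# A header value must not contain a line break. RFC 5322 permits folding
# (CRLF followed by whitespace), but user-supplied input should never need
# it, so the simplest safe rule is: no CR, no LF at all.
sub check_header_value {
    my ($name, $value) = @_;
    die "header '$name' is undefined\n" unless defined $value;
    die "header '$name' contains CR/LF (possible header injection)\n"
        if $value =~ /[\r\n]/;
    return $value;
}

# Build the RFC 5322 message text from an arrayref of [name, value] pairs
# and a body. Returns the text; the caller decides how to send it.
sub build_message {
    my ($headers, $body) = @_;
    my $text = '';
    for my $h (@$headers) {
        my ($name, $value) = @$h;
        # field names are printable US-ASCII except ':' (RFC 5322 ftext)
        die "invalid header name '$name'\n" unless $name =~ /\A[!-9;-~]+\z/;
        $text .= "$name: " . check_header_value($name, $value) . "\n";
    }
    # a blank line terminates the header block; the body follows it
    return $text . "\n" . $body;
}

# Constructed sample input (hypothetical addresses). $bad mirrors the PoC:
# an address followed by a newline and a fake Subject header.
my $to   = 'recipient@example.com';
my $good = 'sender@example.com';
my $bad  = "sender\@example.com\nSubject: injected";

my $ok = build_message(
    [ [ 'To', $to ], [ 'From', $good ], [ 'Subject', 'hello' ] ],
    "This message is sent with perl\n",
);
print $ok;

my $accepted = eval {
    build_message(
        [ [ 'To', $to ], [ 'From', $bad ], [ 'Subject', 'hello' ] ],
        "body\n",
    );
    1;
};
die "expected the injected From value to be rejected\n" if $accepted;
print "rejected: $@";
```

When the validated text is actually sent, the list form of `open` (`open(my $mail, '|-', '/usr/sbin/sendmail', '-t')`) keeps the command line out of the shell; with `-t` the recipients still come from the headers, so the validation above is what prevents unintended recipients, and passing the recipient addresses as explicit arguments instead of `-t` removes that dependency entirely.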
Subject: [perl #132971] AutoReply: Fwd: [rt.cpan.org #124765] smtp command injection
Date: Tue, 13 Mar 2018 06:45:45 -0700
To: bug-SMTP-Server [...] rt.cpan.org
From: perl5-security-report-followup [...] perl.org
Greetings,

This message has been automatically generated in response to the creation of a perl security report regarding:

    "Fwd: [rt.cpan.org #124765] smtp command injection".

There is no need to reply to this message right now. Your ticket has been assigned an ID of [perl #132971].

Please include the string:

    [perl #132971]

in the subject line of all future correspondence about this issue. To do so, you may reply to this message (please delete unnecessary quotes and text.)

Thank you,
perl5-security-report-followup@perl.org

-------------------------------------------------------------------------
Return-Path: <perlmail@x6.develooper.com>
X-Spam-Status: No, score=-2.2 required=6.0 tests=ALL_TRUSTED,BAYES_00,
    MIME_HEADER_CTYPE_ONLY,T_TVD_MIME_NO_HEADERS,URIBL_BLOCKED autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mx3.develooper.com
Received: from xx1.develooper.com (xx1.dev [10.0.100.115]) by rtperl.develooper.com (Postfix) with ESMTP id 422D4181 for <rt-perl5-security@rtperl.dev>; Tue, 13 Mar 2018 06:45:44 -0700 (PDT)
Received: from localhost (xx1.develooper.com [127.0.0.1]) by localhost (Postfix) with ESMTP id D47EC11F77A for <rt-perl5-security@rtperl.dev>; Tue, 13 Mar 2018 06:45:43 -0700 (PDT)
Received: from xx1.develooper.com (xx1.develooper.com [127.0.0.1]) by localhost (Postfix) with SMTP id 1053011F75B for <rt-perl5-security@rtperl.dev>; Tue, 13 Mar 2018 06:45:42 -0700 (PDT)
Received: from x6.develooper.com (x6.develooper.com [207.171.7.86]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by xx1.develooper.com (Postfix) with ESMTPS id 0513A11F71D for <rt-perl5-security@rt.perl.org>; Tue, 13 Mar 2018 06:45:36 -0700 (PDT)
Received: by x6.develooper.com (Postfix, from userid 514) id 7397F9EC; Tue, 13 Mar 2018 06:45:36 -0700 (PDT)
Received: (qmail 18989 invoked from network); 13 Mar 2018 13:45:35 -0000
Received: from xx1.develooper.com (207.171.7.115) by x6.develooper.com with SMTP; 13 Mar 2018 13:45:35 -0000
Received: from localhost (xx1.develooper.com [127.0.0.1]) by localhost (Postfix) with ESMTP id 720DE11F77C for <perlmail-perl5-security-report@onion.perl.org>; Tue, 13 Mar 2018 06:45:35 -0700 (PDT)
Received: from xx1.develooper.com (xx1.develooper.com [127.0.0.1]) by localhost (Postfix) with SMTP id 7953A11F71D for <perlmail-perl5-security-report@onion.perl.org>; Tue, 13 Mar 2018 06:45:32 -0700 (PDT)
Received: from rtcpan.develooper.com (rtcpan.develooper.com [207.171.7.181]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xx1.develooper.com (Postfix) with ESMTPS id 6A03211F777 for <perl5-security-report@perl.org>; Tue, 13 Mar 2018 06:45:32 -0700 (PDT)
Received: by rtcpan.develooper.com (Postfix, from userid 536) id 9CDA1838; Tue, 13 Mar 2018 06:45:09 -0700 (PDT)
Date: Tue, 13 Mar 2018 09:45:09 -0400
From: bug-SMTP-Server@rt.cpan.org
Subject: Fwd: [rt.cpan.org #124765] smtp command injection
X-RT-Mail-Extension: perl5-security
To: perl5-security-report@perl.org
Message-ID: <20180313134509.9CDA1838@rtcpan.develooper.com>
CC:
From perlmail@x6.develooper.com Tue Mar 13 06:45:44 2018
Delivered-To: rt-perl5-security@rtperl.dev
Delivered-To: perlmail-perl5-security-report@onion.perl.org
X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2018.3.13.133316
X-Original-To: rt-perl5-security@rtperl.dev
Content-Type: multipart/mixed; boundary="----------=_1520948709-22733-0"
X-RT-Interface: Email
Subject: Re: [perl #132971] Fwd: [rt.cpan.org #124765] smtp command injection
Date: Tue, 13 Mar 2018 11:17:33 -0700
To: bug-SMTP-Server [...] rt.cpan.org
From: "Dave Mitchell via RT" <perl5-security-report-followup [...] perl.org>
On Tue, Mar 13, 2018 at 06:45:45AM -0700, via RT wrote:
> This is forward of transaction #1776445 of a ticket #124765
>
> Proof of Concept:
>
>     $to = '499671216@qq.com';
>     $from = "whitehat002\@hotmail.com\nSubject:'inject sucess'";
>
>     $message = 'This message is sent with perl';
>
>     open(MAIL, "|/usr/sbin/sendmail -t");
>     print MAIL "To: $to\n";
>     print MAIL "From: $from\n";
>     print MAIL "Subject: $subject\n\n";
>     print MAIL $message;
>
>     close(MAIL);
>     print "send sucess\n";
>
> --------------------------------
>
> Then I will receive an email:
>
>     'inject sucess'
>     From: whitehat002 <whitehat002@hotmail.com> (Sent by <hackyzh@hackyzh-virtual-machine>)
>     Date: Tuesday, Mar 13, 2018 5:45 PM
>     To: 道隐无名 <499671216@qq.com>
>
>     This message is sent with perl
>
> You could use CRLF inject command.
This is neither a bug in perl nor a bug in Net::SMTP::Server; I am closing the perl ticket.

--
The Enterprise successfully ferries an alien VIP from one place to another
without serious incident.
    -- Things That Never Happen in "Star Trek" #7
On Tuesday, 13 Mar 2018 14:17:38, perl5-security-report-followup@perl.org wrote:
> On Tue, Mar 13, 2018 at 06:45:45AM -0700, via RT wrote:
> > This is forward of transaction #1776445 of a ticket #124765
> >
> > Proof of Concept:
> >
> >     $to = '499671216@qq.com';
> >     $from = "whitehat002\@hotmail.com\nSubject:'inject sucess'";
> >
> >     $message = 'This message is sent with perl';
> >
> >     open(MAIL, "|/usr/sbin/sendmail -t");
> >     print MAIL "To: $to\n";
> >     print MAIL "From: $from\n";
> >     print MAIL "Subject: $subject\n\n";
> >     print MAIL $message;
> >
> >     close(MAIL);
> >     print "send sucess\n";
> >
> > --------------------------------
> >
> > Then I will receive an email:
> >
> >     'inject sucess'
> >     From: whitehat002 <whitehat002@hotmail.com> (Sent by <hackyzh@hackyzh-virtual-machine>)
> >     Date: Tuesday, Mar 13, 2018 5:45 PM
> >     To: 道隐无名 <499671216@qq.com>
> >
> >     This message is sent with perl
> >
> > You could use CRLF inject command.
>
> This is neither a bug in perl nor a bug in Net::SMTP::Server;
> I am closing the perl ticket.
If not one of these two, then can you tell me who this bug belongs to, sendmail?
On Tuesday, 13 Mar 2018 20:46:14, hackyzh001@gmail.com wrote:
> On Tuesday, 13 Mar 2018 14:17:38, perl5-security-report-followup@perl.org wrote:
> > On Tue, Mar 13, 2018 at 06:45:45AM -0700, via RT wrote:
> > > This is forward of transaction #1776445 of a ticket #124765
> > >
> > > Proof of Concept:
> > >
> > >     $to = '499671216@qq.com';
> > >     $from = "whitehat002\@hotmail.com\nSubject:'inject sucess'";
> > >
> > >     $message = 'This message is sent with perl';
> > >
> > >     open(MAIL, "|/usr/sbin/sendmail -t");
> > >     print MAIL "To: $to\n";
> > >     print MAIL "From: $from\n";
> > >     print MAIL "Subject: $subject\n\n";
> > >     print MAIL $message;
> > >
> > >     close(MAIL);
> > >     print "send sucess\n";
> > >
> > > --------------------------------
> > >
> > > Then I will receive an email:
> > >
> > >     'inject sucess'
> > >     From: whitehat002 <whitehat002@hotmail.com> (Sent by <hackyzh@hackyzh-virtual-machine>)
> > >     Date: Tuesday, Mar 13, 2018 5:45 PM
> > >     To: 道隐无名 <499671216@qq.com>
> > >
> > >     This message is sent with perl
> > >
> > > You could use CRLF inject command.
> >
> > This is neither a bug in perl nor a bug in Net::SMTP::Server;
> > I am closing the perl ticket.
>
> If not one of these two, then can you tell me who this bug belongs to, sendmail?
Ticket #124769 is opened, please close this ticket.