[SA11302] Qmail Non-Delivery Notification DDoS Security Issue

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Thu Apr 08 2004 - 09:10:31 CDT


TITLE:
Qmail Non-Delivery Notification DDoS Security Issue

SECUNIA ADVISORY ID:
SA11302

VERIFY ADVISORY:
http://secunia.com/advisories/11302/

CRITICAL:
Less critical

IMPACT:

WHERE:
From remote

SOFTWARE:
qmail 1.x

DESCRIPTION:
Stefan Frei, Ivo Silvestri, and Gunter Ollmann recently published a
paper describing a way to utilise certain mail servers for DDoS
(Distributed Denial-of-Service) attacks on other systems.

The paper discusses the way certain mail servers are configured, how
NDNs (Non-Delivery Notifications) are returned, and the content of
these when a local user doesn't exist.

Many larger corporations set up external mail servers to accept all
mail for the domains they are responsible for, without checking whether
the recipients exist. This is a problem because some mail servers
return an NDN for each non-existent user, and that NDN includes the
original email text and attachments.

This may be exploited to conduct a DDoS against a victim by sending
emails with the victim specified as the sender to multiple non-existent
recipients on a domain handled by a mail server exhibiting this
behavior.

The mail servers then act as a traffic multiplier, since an NDN is
returned to the victim for each non-existent recipient in the email.

The problem may especially affect qmail, since by default it exhibits
this behavior when returning NDNs. At the same time, qmail does not
return a 550 error during the SMTP dialogue when a recipient doesn't
exist; the mail is accepted, and an NDN is returned later once local
delivery fails because the user does not exist.

SOLUTION:
Use a default domain-wide account for each domain listed in rcpthosts
to prevent your mail server from being used as a platform for DDoS
attacks.
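As an added illustration (not part of Secunia's advisory or of qmail), the following constructed Python model compares the three recipient policies the advisory contrasts: accepting and bouncing later, answering 550 at RCPT TO, and the advisory's domain-wide catch-all account. The domain, user list, message size and NDN overhead are all made up.

```python
# Added example (not from the advisory or qmail): model of how many NDNs a
# forged envelope sender receives under each recipient policy. All constructed.

RCPTHOSTS = {"example.test"}                          # stand-in for control/rcpthosts
LOCAL_USERS = {"alice@example.test", "bob@example.test"}  # mailboxes that exist
NDN_OVERHEAD = 512                                    # bytes an NDN adds to the quoted original

POLICIES = ("accept_then_bounce",  # the qmail default the advisory describes
            "reject_at_rcpt",      # answer 550 to unknown users during SMTP
            "catch_all")           # the advisory's fix: a domain-wide default account


def rcpt_to(address: str, policy: str) -> str:
    """Return the SMTP reply for one RCPT TO command under the given policy."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy {policy!r}")
    domain = address.rpartition("@")[2].lower()
    if domain not in RCPTHOSTS:
        # Not a domain we handle: refuse to relay under every policy.
        return "553 sorry, that domain isn't in my list of allowed rcpthosts"
    if policy == "reject_at_rcpt" and address.lower() not in LOCAL_USERS:
        # Refused now, so nothing is queued and no NDN is ever generated.
        return "550 5.1.1 no such user"
    return "250 ok"


def ndn_load(recipients, message_size: int, policy: str):
    """Simulate one inbound message whose envelope sender is forged.

    Returns (accepted, bounces, bytes_to_sender): RCPT TO commands accepted,
    NDNs that go back to the forged sender, and their total size assuming
    each NDN quotes the whole original message, as the advisory describes."""
    accepted = [r for r in recipients if rcpt_to(r, policy) == "250 ok"]
    if policy == "catch_all":
        bounced = []  # the default account swallows mail for unknown users
    else:
        bounced = [r for r in accepted if r.lower() not in LOCAL_USERS]
    return len(accepted), len(bounced), len(bounced) * (message_size + NDN_OVERHEAD)


if __name__ == "__main__":
    # Constructed: one 50 kB message to 100 unknown users plus one real user.
    rcpts = [f"nobody{i}@example.test" for i in range(100)] + ["alice@example.test"]
    for policy in POLICIES:
        print(policy, ndn_load(rcpts, 50_000, policy))
```

Under the default policy the single 50 kB message comes back to the forged sender as 100 NDNs of roughly 5 MB in total, while both other policies return none.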

PROVIDED AND/OR DISCOVERED BY:
Stefan Frei, Ivo Silvestri, and Gunter Ollmann.

ORIGINAL ADVISORY:
http://www.techzoom.net/paper-mailbomb.asp

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------