Bugtraq mailing list archives
Security Issues with HIGHSPEEDWEB.NET leased servers
From: bmueller () CREOTECH COM (Brian Mueller)
Date: Wed, 19 Jan 2000 20:42:09 -0500
Recently I started leasing a dedicated server from HIGHSPEEDWEB.NET. It came preconfigured (somewhat) and I was told that it would be "secure" for telnet (only specifically stated IP address(s) could gain access), etc. However, I have found that this is not the case: it seems that they do not place limiting information in the host.deny file, so anyone can still telnet into the server.

Also, their mail configuration, which allows users to add mail aliases either via a web interface or by editing a file called .mailalias in their home directories, is faulty. Users may place _ANY_ valid local domain into this file and forward mail from that domain to their email address. The system works by running a cron script once per day and updating the sendmail virtual user database.

The following is an example: person A has a webhosting account on the HIGHSPEEDWEB.NET configured server, and person B wishes to "steal" email from Person A. They are targeting sales () person-a-domain com as the attacked address and they are going to have that forwarded to foo () bar com. They add the following line to their .mailalias file:

    sales () person-a-domain com foo () bar com

When the next update occurs, any email sent to sales () person-a-domain com will be forwarded to foo () bar com. This also works with wildcards, i.e.

    @person-a-domain.com foo () bar com

would work if your entry is read into the sendmail virtual user database before the one that exists in Person A's directory.

I notified HIGHSPEEDWEB.NET of the security issue well over a month ago and have not had any response from them regarding a fix. I however did instate one of my own by forcing users to call myself to have aliases added for the time being.

Brian Mueller

*************************************************
Brian Mueller
President/CEO
CreoTech
"We are the future"
www.creotech.com
bmueller () creotech com
513.722.8645
*************************************************
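Added example, not part of the original post and not HIGHSPEEDWEB.NET's code: one way the daily merge of .mailalias files could check that each alias source domain, wildcard or not, belongs to the account that lists it. The account names, the owner mapping and the two-field "source target" line format are assumptions for illustration.

```python
# Added example (not from the original post): ownership check applied when
# per-user .mailalias files are merged into the virtual user table.
# Usernames, owner mapping and sample files are constructed assumptions.

def alias_domain(address):
    """Domain of 'user@domain' or wildcard '@domain'; None if there is none."""
    _, sep, domain = address.rpartition("@")
    return domain.lower().rstrip(".") if sep and domain else None

def build_virtusertable(alias_files, owned_domains):
    """alias_files: {user: .mailalias text}; owned_domains: {user: {domains}}.
    Returns (accepted {source: target}, rejected [(user, lineno, line, why)])."""
    accepted, rejected = {}, []
    for user in sorted(alias_files):
        allowed = {d.lower() for d in owned_domains.get(user, ())}
        for lineno, raw in enumerate(alias_files[user].splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            fields = line.split()
            if len(fields) != 2:
                rejected.append((user, lineno, line, "malformed"))
                continue
            source, target = fields
            # Ownership check: the source domain, wildcard or not, must be
            # one provisioned to the account whose file lists it.
            if alias_domain(source) not in allowed:
                rejected.append((user, lineno, line, "domain not owned"))
                continue
            accepted.setdefault(source.lower(), target)
    return accepted, rejected

# Constructed sample: personb lists both alias forms described in the post.
SAMPLE_OWNED = {"persona": {"person-a-domain.com"},
                "personb": {"person-b-domain.com"}}
SAMPLE_ALIAS_FILES = {
    "persona": "sales@person-a-domain.com owner@person-a-domain.com\n",
    "personb": ("sales@person-a-domain.com foo@bar.com\n"
                "@person-a-domain.com foo@bar.com\n"
                "info@person-b-domain.com foo@bar.com\n"),
}

if __name__ == "__main__":
    ok, bad = build_virtusertable(SAMPLE_ALIAS_FILES, SAMPLE_OWNED)
    for source, target in sorted(ok.items()):
        print(source + "\t" + target)
    for user, lineno, line, why in bad:
        print("REJECTED %s:.mailalias:%d (%s): %s" % (user, lineno, why, line))
```

Because every entry is tied to the listing account's own domains, the order in which the files are read no longer decides who receives the mail.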