This queue is for tickets about the SMTP-Server CPAN distribution.

Report information

The Basics
Id: 124765
Status: open
Priority: Low/Low
Queue:

People
Owner: Nobody in particular
Requestors: hackyzh001 [...] gmail.com
Cc:
AdminCc:

BugTracker
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Subject: smtp command injection
From: hackyzh001@gmail.com
Proof of Concept:
$to = '499671216@qq.com';
$from = "whitehat002\@hotmail.com\nSubject:'inject sucess'";

$message = 'This message is sent with perl';

open(MAIL, "|/usr/sbin/sendmail -t");
print MAIL "To: $to\n";
print MAIL "From: $from\n";
print MAIL "Subject: $subject\n\n";
print MAIL $message;

close(MAIL);
print "send sucess\n";

--------------------------------

Then I will receive an email


'inject sucess'

From:whitehat002 <whitehat002@hotmail.com>
(Sent by <hackyzh@hackyzh-virtual-machine> )

Date:Tuesday, Mar 13, 2018 5:45 PM
To:
道隐无名 <499671216@qq.com>
This message is sent with perl

You could use CRLF inject command.
Subject: [perl #132971] AutoReply: Fwd: [rt.cpan.org #124765] smtp command injection
Date: Tue, 13 Mar 2018 06:45:45 -0700
To: bug-SMTP-Server@rt.cpan.org
From: perl5-security-report-followup@perl.org
Greetings,

This message has been automatically generated in response to the creation of a perl security report regarding: "Fwd: [rt.cpan.org #124765] smtp command injection".

There is no need to reply to this message right now. Your ticket has been assigned an ID of [perl #132971].

Please include the string: [perl #132971] in the subject line of all future correspondence about this issue. To do so, you may reply to this message (please delete unnecessary quotes and text.)

Thank you,
perl5-security-report-followup@perl.org
Subject: Re: [perl #132971] Fwd: [rt.cpan.org #124765] smtp command injection
Date: Tue, 13 Mar 2018 11:17:33 -0700
To: bug-SMTP-Server@rt.cpan.org
From: "Dave Mitchell via RT" <perl5-security-report-followup@perl.org>
On Tue, Mar 13, 2018 at 06:45:45AM -0700, via RT wrote:
> This is forward of transaction #1776445 of a ticket #124765

> Proof of Concept:
> $to = '499671216@qq.com';
> $from = "whitehat002\@hotmail.com\nSubject:'inject sucess'";
>
> $message = 'This message is sent with perl';
>
> open(MAIL, "|/usr/sbin/sendmail -t");
> print MAIL "To: $to\n";
> print MAIL "From: $from\n";
> print MAIL "Subject: $subject\n\n";
> print MAIL $message;
>
> close(MAIL);
> print "send sucess\n";
>
> --------------------------------
>
> Then I will receive an email
>
>
> 'inject sucess'
>
> From:whitehat002 <whitehat002@hotmail.com>
> (Sent by <hackyzh@hackyzh-virtual-machine> )
>
> Date:Tuesday, Mar 13, 2018 5:45 PM
> To:
> 道隐无名 <499671216@qq.com>
> This message is sent with perl
>
> You could use CRLF inject command.

This is neither a bug in perl nor a bug in Net::SMTP::Server; I am closing the perl ticket.

--
The Enterprise successfully ferries an alien VIP from one place to another without serious incident.
    -- Things That Never Happen in "Star Trek" #7
On Tue 2018-Mar-13 14:17:38, perl5-security-report-followup@perl.org wrote:
> On Tue, Mar 13, 2018 at 06:45:45AM -0700, via RT wrote:
> > This is forward of transaction #1776445 of a ticket #124765
>
> > Proof of Concept:
> > $to = '499671216@qq.com';
> > $from = "whitehat002\@hotmail.com\nSubject:'inject sucess'";
> >
> > $message = 'This message is sent with perl';
> >
> > open(MAIL, "|/usr/sbin/sendmail -t");
> > print MAIL "To: $to\n";
> > print MAIL "From: $from\n";
> > print MAIL "Subject: $subject\n\n";
> > print MAIL $message;
> >
> > close(MAIL);
> > print "send sucess\n";
> >
> > --------------------------------
> >
> > Then I will receive an email
> >
> >
> > 'inject sucess'
> >
> > From:whitehat002 <whitehat002@hotmail.com>
> > (Sent by <hackyzh@hackyzh-virtual-machine> )
> >
> > Date:Tuesday, Mar 13, 2018 5:45 PM
> > To:
> > 道隐无名 <499671216@qq.com>
> > This message is sent with perl
> >
> > You could use CRLF inject command.
>
> This is neither a bug in perl nor a bug in Net::SMTP::Server;
>
> I am closing the perl ticket.
>

If not one of these two, then can you tell me who this bug belongs to, sendmail?
On Tue 2018-Mar-13 20:46:14, hackyzh001@gmail.com wrote:
> On Tue 2018-Mar-13 14:17:38, perl5-security-report-followup@perl.org wrote:
> > On Tue, Mar 13, 2018 at 06:45:45AM -0700, via RT wrote:
> > > This is forward of transaction #1776445 of a ticket #124765
> >
> > > Proof of Concept:
> > > $to = '499671216@qq.com';
> > > $from = "whitehat002\@hotmail.com\nSubject:'inject sucess'";
> > >
> > > $message = 'This message is sent with perl';
> > >
> > > open(MAIL, "|/usr/sbin/sendmail -t");
> > > print MAIL "To: $to\n";
> > > print MAIL "From: $from\n";
> > > print MAIL "Subject: $subject\n\n";
> > > print MAIL $message;
> > >
> > > close(MAIL);
> > > print "send sucess\n";
> > >
> > > --------------------------------
> > >
> > > Then I will receive an email
> > >
> > >
> > > 'inject sucess'
> > >
> > > From:whitehat002 <whitehat002@hotmail.com>
> > > (Sent by <hackyzh@hackyzh-virtual-machine> )
> > >
> > > Date:Tuesday, Mar 13, 2018 5:45 PM
> > > To:
> > > 道隐无名 <499671216@qq.com>
> > > This message is sent with perl
> > >
> > > You could use CRLF inject command.
> >
> > This is neither a bug in perl nor a bug in Net::SMTP::Server;
> >
> > I am closing the perl ticket.
> >
>
> If not one of these two, then can you tell me who this bug belongs to,
> sendmail?

Ticket #124769 is opened, please close this ticket.
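
Added example, not part of the ticket thread or of Net::SMTP::Server: the script in the report interpolates `$from` straight into the header block it writes to `sendmail -t`, so a newline in that value begins a new header line. The sketch below shows a caller-side check that refuses such values before any header is written; `checked_header` and `build_message` are hypothetical names and the addresses are constructed.

```perl
use strict;
use warnings;

# Hypothetical helper: reject any header value that could end the current
# header line. CR, LF and NUL are refused outright rather than stripped, so
# a tampered value is surfaced to the caller instead of silently altered.
sub checked_header {
    my ($name, $value) = @_;
    die "invalid header name '$name'\n"
        unless $name =~ /\A[A-Za-z][A-Za-z0-9-]*\z/;
    die "refusing $name: value contains CR, LF or NUL\n"
        if $value =~ /[\r\n\0]/;
    return "$name: $value\n";
}

# Build the whole message as a string; only values that passed the check
# ever reach the header block.
sub build_message {
    my (%arg) = @_;
    my $headers = join '',
        map { checked_header($_, $arg{$_}) } qw(To From Subject);
    return $headers . "\n" . $arg{Body};
}

# Constructed inputs: one benign, one shaped like the From value in the report.
my @cases = (
    { To => 'rcpt@example.org', From => 'sender@example.org',
      Subject => 'hello', Body => 'This message is sent with perl' },
    { To => 'rcpt@example.org',
      From => "sender\@example.org\nSubject:'inject sucess'",
      Subject => 'hello', Body => 'This message is sent with perl' },
);

for my $case (@cases) {
    my $msg = eval { build_message(%$case) };
    if (defined $msg) {
        print "accepted:\n$msg\n\n";
        # A real sender would now write $msg to the MTA, e.g. through
        # open(my $mail, '|-', '/usr/sbin/sendmail', '-t').
    } else {
        print "rejected: $@";
    }
}
```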

