Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

spoofing of local email sender via a homoglyph attack

Related Vulnerabilities: CVE-2020-12063  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
spoofing of local email sender via a homoglyph attack

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: PromiseLabs Pentest Research &lt;pentest () promiselabs net&gt;

Date: Thu, 23 Apr 2020 15:10:55 +0300

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Hi,

The provided versions seem to be wrong on this request, sorry for this.

The exact version is from the postfix-2.10.1-7.el7.x86_64 package, thus
the version stated in the CVE should be 2.10.1.

---
PLPR:
Plamen Dimitrov
Penetration Tester, CEH &amp; OSCP certified

Promise Solutions LTD
Penetration Testing and Managed Security services

https://www.promisedev.com
https://www.promiselabs.net
+359 883 22 05 12

On 2020-04-22 18:20, cve-request () mitre org wrote: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The CVE ID is below. As far as we know, 3.3.0-1 is not a commonly
used version. Please see the "[Reference]" section below.

[Suggested description]
A certain Postfix 3.3.0-1 package could allow an attacker to send
an email from an arbitrary-looking sender via a homoglyph attack,
as demonstrated by the similarity of \xce\xbf to the 'o' character.

------------------------------------------

[Additional Information]
Postfix allows an email from unsanitized input, pretending to be from
an existing user on the mail system, which may look exactly the same.
For example, it is possible sending an email using the hex character
\xce\ xbf, which looks exactly like the letter 'o'. In case the user
john.doe exists on the mail server, postfix would not allow to send an
email from this email account unless an unauthorized attempt is made.
However, in case we substitute the letter 'o' with the hex character
\xce\xbf, it will look exactly like it's being sent from john.doe,
although john.doe (j&lt;\xce\xbf)hn.doe) is actually different from
the other.

------------------------------------------

[Vulnerability Type]
Incorrect Access Control

------------------------------------------

[Vendor of Product]
postfix

------------------------------------------

[Affected Product Code Base]
postfix 3.3.0-1 - 3.3.0-1

------------------------------------------

[Affected Component]
postfix mail server

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Discoverer]
d7x, Promise Solutions LTD / www.promiselabs.net [1]

------------------------------------------

[Reference]
https://www.promiselabs.net
https://repology.org/project/postfix/versions
http://www.postfix.org/announcements.html

Use CVE-2020-12063.

- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJeoGCRAAoJEPNX0OmQPkAIyDAQAI56GXHXS1AJQVx2nBBJosam
6d/mtkM+LozhzpBVydzed58z8P/Q/qGWXzdT0mmIvq+X2WQp7pvCrUH7l9wkniH+
0FD0c+LO2T/oU7a6sqZ7EHC0V3GPKu/F1W+reNB9V0v8LyAfHLE50AdvHZZjGIHc
lUvw/hqt+7NqpR2HFyjyA3sb1K8ZiqBcmxwV9ecECUx/smXFpjtdV9hTz7A9mgj8
ggkSjrkMQBsYqiU2OvPEfn4aKskavqTYLqVMxztieICoDPvNAGj+lnZIz4o6WIig
d2lqtZ+/8fPVUaYGCikacMNAE4BGs61BQT7tuYdbMt8+wWnB+IU84hBC7Lb7OE8L
7O59MmmIF/C/jaaSmwy+FlSk+ZE95Q+SV7CHoYMLeongByo5drvqVuK79t5KVGDO
L6m85ta3Jh/zzQ6srg6REgPuM1Q2cFwu7FmWg4vAEamCwHnjv6D6xRBRO4lBm9V1
Upek80hF+BI/JwvKlpng1pzKrClqvzGdeZA4kw5MLoiEN19cf2W85nO0L+cpoLbQ
ixz/TarYDG9QQ89U3aJcrLDMH6hGsPKmTvD8dy5sVh+J3qK/zvj/eR98xy5jbKAn
pt57X5qFkfu+Sf9yrC3RFBiNTJ/UB4vb0/25g8M4e+vUMb/kkNxbVVNoAg56Wl1M
NLgC/CCd32QpiUFehvF2
=T4/w
-----END PGP SIGNATURE-----
 

Links:
------
[1] http://www.promiselabs.net
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

spoofing of local email sender via a homoglyph attack PromiseLabs Pentest Research (Apr 23)

Re: spoofing of local email sender via a homoglyph attack Solar Designer (Apr 23)

Re: spoofing of local email sender via a homoglyph attack PromiseLabs Pentest Research (Apr 23)

Re: spoofing of local email sender via a homoglyph attack Solar Designer (Apr 23)
Re: spoofing of local email sender via a homoglyph attack PromiseLabs Pentest Research (Apr 23)
Re: spoofing of local email sender via a homoglyph attack Solar Designer (Apr 23)
Re: spoofing of local email sender via a homoglyph attack Jeremy Stanley (Apr 23)

Re: spoofing of local email sender via a homoglyph attack John Haxby (Apr 23)

Re: spoofing of local email sender via a homoglyph attack Wietse Venema (Apr 23)

Re: spoofing of local email sender via a homoglyph attack Claus Assmann (Apr 23)

Re: spoofing of local email sender via a homoglyph attack Stuart D. Gathman (Apr 23)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started