


Category:   Application (E-mail Client)  >   PieterPost
Vendors:   Boender, Ferry
PieterPost Virtual Account May Let Remote Users Send Anonymous E-mail
SecurityTracker Alert ID:  1008340
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Dec 1 2003
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 0.10.6
Description:   A vulnerability was reported in PieterPost. A remote user can access a generic e-mail account to send anonymous e-mail.

It is reported that a remote user can supply the following URL to gain access to a "virtual" account:


A remote user can reportedly send anonymous e-mail from this account.

Impact:   A remote user may be able to send anonymous e-mail via the system.
Solution:   The vendor has released a fixed version (0.10.7), available at:

Vendor URL:
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  Pieterpost - access to "virtual" account

Hello bugtraq readers and writers !

name: PieterPost 0.10.6
about: "PieterPost is a webbased interface to a pop3 mailbox. It is designed to be
           both small and easy to use"

what: by entering a URL, anyone can get access
         to a "virtual" account.

 I don't think this can be a big vuln, but at this moment anyone can send spam
and fake e-mails from such a server. This works only with the default configuration
(localhost as pop3 server) and a weak MTA agent - it is possible to change the From header
when sending from localhost.

