Re: [tor-bugs] #26706 [Webpages/Website]: The Tor Website SMTP Open Relay - eugeni.torproject.org

2018-07-10 Thread Tor Bug Tracker & Wiki 
#26706: The Tor Website SMTP Open Relay - eugeni.torproject.org
--+--
 Reporter:  t4rkd3vilz|  Owner:  (none)
 Type:  defect| Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * status:  closed => reopened
 * resolution:  worksforme =>


Comment:

 1:31 PM Ticket #26700 (Batch merge for Relay Search patches) closed by irl
 fixed: Thanks!
 1:31 PM Tickets #25199,25242,25533,25861,26518 batch updated by irl
 fixed: Merged in #26700.
 1:31 PM Ticket #26525 (Rename sandbox_getaddrinfo() functions.) closed by
 nickm
 fixed: merged!
 1:22 PM Ticket #25512 (Tor in-process restart fails to write auth cookie)
 closed by nickm
 fixed: Cherry-picked into 0.3.3; fix should be in the next maint-0.3.3
 release.
 1:22 PM Ticket #26700 (Batch merge for Relay Search patches) updated by
 karsten
 Merged, pushed to master, and deployed. Can't close because of child …
 1:21 PM Ticket #25512 (Tor in-process restart fails to write auth cookie)
 updated by nickm
 Milestone changed
 Hang on -- you said that you were testing 0.3.3.7; this bug has only …
 1:17 PM Ticket #25512 (Tor in-process restart fails to write auth cookie)
 updated by nickm
 Status changed
 1:15 PM Ticket #26455 (use correct CARGO_HOME in test_rust.sh) closed by

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26706 [Webpages/Website]: The Tor Website SMTP Open Relay - eugeni.torproject.org

2018-07-09 Thread Tor Bug Tracker & Wiki 
#26706: The Tor Website SMTP Open Relay - eugeni.torproject.org
--+--
 Reporter:  t4rkd3vilz|  Owner:  (none)
 Type:  defect| Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * status:  closed => reopened
 * resolution:  worksforme =>


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26706 [Webpages/Website]: The Tor Website SMTP Open Relay - eugeni.torproject.org

2018-07-09 Thread Tor Bug Tracker & Wiki 
#26706: The Tor Website SMTP Open Relay - eugeni.torproject.org
--+
 Reporter:  t4rkd3vilz|  Owner:  (none)
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:  worksforme
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by irl):

 * status:  new => closed
 * resolution:   => worksforme


Comment:

 {{{
 Connected to eugeni.torproject.org.
 Escape character is '^]'.
 EHLO s220 eugeni.torproject.org ESMTP Postfix (Debian/GNU)
 hiftout.plus.com
 250-eugeni.torproject.org
 250-PIPELINING
 250-SIZE 1024
 250-ETRN
 250-STARTTLS
 250-ENHANCEDSTATUSCODES
 250-8BITMIME
 250 DSN
 MAIL FROM:
 250 2.1.0 Ok
 RCPT TO:
 454 4.7.1 : Relay access denied
 }}}

 {{{
 220 eugeni.torproject.org ESMTP Postfix (Debian/GNU) [2721 ms]
 EHLO EC2AMAZ-14J9QQI.mxtoolbox.com
 250-eugeni.torproject.org
 250-PIPELINING
 250-SIZE 1024
 250-ETRN
 250-STARTTLS
 250-ENHANCEDSTATUSCODES
 250-8BITMIME
 250 DSN [719 ms]
 MAIL FROM:
 250 2.1.0 Ok [719 ms]
 RCPT TO:
 454 4.7.1 : Relay access denied [706 ms]
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26706 [Webpages/Website]: The Tor Website SMTP Open Relay - eugeni.torproject.org

2018-07-09 Thread Tor Bug Tracker & Wiki 
#26706: The Tor Website SMTP Open Relay - eugeni.torproject.org
--+
 Reporter:  t4rkd3vilz|  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 i’ve found an SMTP open relay vulnerability in 94.130.28.202
 the vulnerability allows allatckers to send internal emails remotly
 without any authintication.

 And i’ve provided a screenshot as a POC for this exploitation methodolgy

 eugeni.torproject.org

 vuln name : SMTP open relaay

 root@kali:~# telnet 94.130.28.202 25
 Trying 94.130.28.202...
 Connected to 94.130.28.202.
 Escape character is '^]'.
 220 eugeni.torproject.org ESMTP Postfix (Debian/GNU)
 EHLO test
 250-eugeni.torproject.org
 250-PIPELINING
 250-SIZE 1024
 250-ETRN
 250-STARTTLS
 250-ENHANCEDSTATUSCODES
 250-8BITMIME
 250 DSN

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs