 
|
| Mime-Version: |
1.0 |
| Sender: |
|
| Date: |
Thu, 26 Aug 1999 13:13:27 -0400 |
| Reply-To: |
|
| Subject: |
|
| From: |
|
| Content-Transfer-Encoding: |
7bit |
| In-Reply-To: |
|
| Content-Type: |
multipart/signed; boundary="==_Exmh_-938666860P"; micalg=pgp-md5;
protocol="application/pgp-signature" |
| Comments: |
|
On Thu, 26 Aug 1999 12:31:30 EDT, Listserv Admin <[log in to unmask]> said:
> Maybe you could be a bit more explicit? What header is actually
> replaced with the password that could cause listserv to bypass the "real
> owner"?
If you're the list owner, I can't forge a 'PUT listname LIST' or similar.
Unless of course, I can get the entire 'PUT listname LIST PW=xyzzy' correct.
Same goes for ADD, DELETE, and any other list-owner-only operation.
Now, it's a LITTLE harder to do this *and* dissapear the Listserv reply so
that the actual list owner doesn't see it, but it's doable by a sufficiently
determined adversary (hint - the secret is a Denial Of Service attack. Has
YOUR system been patched against things like SYN-flooding, or TCP sequence
number prediction, or any of those OTHER nasty problems? ;)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
|
|
|
