http://arstechnica.com/news.ars/post/20080510-security-flaw-turns-gmail-into-open-relay-server.html
http://ece.uprm.edu/~andre/insert/gmail.html
Gmail's normal approach to messages sent through its SMTP service is to rewrite some of the Message Body headers to prevent identity fraud. By exploiting this flaw, an attacker can easily bypass this restriction. This happens because attack messages are disguised as legitimately destined to a compromised account. This way, Gmail will deliver the message to the attack target without modifying any of the Message Body Headers, and more importantly, it will preserve even forged sender's identity information intact. Since the attack message can be forged at the attacker's will and can be forwarded by Google's servers any number of times, this vulnerability is a major spam and phishing threat concern.
http://ece.uprm.edu/~andre/insert/gmail.html
Strangely enough, this INSERT partial vulnerability disclosure/error report isn't explicitly dated, nor is there any indication of how the authors propose to declare it fixed, once (when?) Google attends to it.
http://ece.uprm.edu/~andre/insert/confidential.gif
Glad to hear (read) it.