annuncio

Comprimi
Ancora nessun annuncio.

ROS software remote email flooding vulnerability

Comprimi
X
 
  • Filtro
  • Ora
  • Visualizza
Elimina tutto
nuovi messaggi

  • ROS software remote email flooding vulnerability

    Hello,

    as I don't receive any reply from Jose Alberto Ros Nieto (https://www.hamradioweb.org/forums/showthread.php?t=7417) , i publish the concept of the vulnerability, reserving to explain the PoC (Proof of Concept) later. Anyway, anyone that read careful the manual and the software feature can understand how to replicate the vulnerability.

    The software have a vulnerability that permit to an anonymous user via a radio trasmission to flood a target email with unsolicited messages.
    Please note that the vulnerability is on the software and not on the digital mode itself.

    The intrinsec anonymity of any kind of radio emission, because most (all? ) of us are unable to trace it in a relatively short slot of time with everyday tools, make possible for the author of the flood to remain anonymous.

    The only persons responsible of the flood, from an ISP point of view, are all the people that , acting as a relay from the radio side to the internet side, are sending mails without any control about the final recipient !!!

    Some tests carry out an attainable rate of about 50 mails per minute, depends by stations on air and HF propagation.

    At present time, all the people that have email parameters configured on current and pasts ROS version are vulnerable.

    Workaround: disable e-mail SMTP out parameters.

    73,
    Cristiano IZ0IEN
    Ultima modifica di IZ0IEN; 19-08-10, 13:49.
    Cris IZ0IEN
    http://www.technecom.it
    Founder of FOC - Frigo Operators Club
    Member of SOC #990 - Second Operator Class
    Orgoglioso cultore del CW a correzione d'errore.

  • #2
    Re: ROS software remote email flooding vulnerability

    Originariamente inviato da IZ0IEN Visualizza il messaggio
    Hello,
    as I don't receive any reply from Jose Alberto Ros Nieto (https://www.hamradioweb.org/forums/showthread.php?t=7417) , i publish the concept of the vulnerability, reserving to explain the PoC (Proof of Concept) later.
    "later" is now. PoC explained

    simply launch the ROS mode program, put *any valid* email address in the trasmitted text field (instead of CQ CQ bla bla bla), and trasmit on the air this email address.

    All the stations that are able to receive and decode the email address you trasmit, and have the SMTP out parameters configured, will send an email to this email address with a SWL report. When the band is crowded of ROS'ers, you can peak 30-40 mails to the targeted email address in a single trasmission.

    Note, again: if someone complaint about your unsolicited SWL report to your ISP, the only responsible person are the owner of the connection from where the email was sent.

    In simple words:

    Station A trasmit in ROS mode: leo.tung-lee at north.corea.kr (fantasy email address)
    30 OM are listening in ROS with SMTP parameters enabled. Good, 30 mails with SWL reports go straight to leo.tung-lee at north.corea.kr
    Mr. Leo Tung-Lee don't have (obviously, in north corea...) an amateur license, nor a trasmission permission, so he complain about those strange emails that he receive with his ISP.

    The Korean ISP complain with the 30 ISP of the OM stations sending spam, and someone of the 30 accounts will eventually get blacklisted and suspended.

    What's happen to station A , that originate the whole thing ?? Nothing, is *totally stealth*.

    You can play this game whenever you want, nope to trace the person that originate the spam, the only sure thing are the IP of the swl reporters.

    PS - Mr. Tung-Lee will be eventually judged and prosecuted for illegal trasmissions, because he received 30 SWL reports (joking )

    maybe is not a *big* security/privacy flaw, but is a flaw.

    Cristiano IZ0IEN
    Cris IZ0IEN
    http://www.technecom.it
    Founder of FOC - Frigo Operators Club
    Member of SOC #990 - Second Operator Class
    Orgoglioso cultore del CW a correzione d'errore.

    Commenta

    Sto operando...
    X