IMAP/SMTP Command Injection
Attack Pattern ID: 183 (Standard Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description

Summary

An attacker exploits weaknessness in input validation on IMAP/SMTP servers to execute commands on the server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.

+ Attack Prerequisites

The target environment must consist of a web-mail server that the attacker can query and a back-end mail server. The back-end mail server need not be directly accessible to the attacker.

The web-mail server must fail to adequately sanitize fields received from users and passed on to the back-end mail server.

The back-end mail server must not be adequately secured against receiving malicious commands from the web-mail server.

+ Resources Required

No special resources are required for this attack. However, in most cases, the attacker will need to be a recognized user of the web-mail server.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern248Command Injection 
Mechanism of Attack (primary)1000
+ References

http://www.owasp.org/index.php/Testing_for_IMAP/SMTP_Injection_(OWASP-DV-011)

Back to top