漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Maddy Mail Server: LDAP Filter Injection via Unsanitized Username
Vulnerability Description
maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll() without any LDAP filter escaping, despite the go-ldap/ldap/v3 library's ldap.EscapeFilter() function being available in the same import. This affects three code paths: the Lookup() filter, the AuthPlain() DN template, and the AuthPlain() filter. An attacker with network access to the SMTP submission or IMAP interface can inject arbitrary LDAP filter expressions through the username field in AUTH PLAIN or LOGIN commands. This enables identity spoofing by manipulating filter results to authenticate as another user, LDAP directory enumeration via wildcard filters, and blind extraction of LDAP attribute values using authentication responses as a boolean oracle or via timing side-channels between the two distinct failure paths. This issue has been fixed in version 0.9.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
LDAP查询中使用的特殊元素转义处理不恰当(LDAP注入)
Vulnerability Title
Maddy Mail Server 安全漏洞
Vulnerability Description
Maddy Mail Server是俄罗斯Max Mazurov个人开发者的一个可组合的多合一邮件服务器。 Maddy Mail Server 0.9.3之前版本存在安全漏洞,该漏洞源于auth.ldap模块中用户提供的用户名在未进行LDAP过滤器转义的情况下被插入到LDAP搜索过滤器和DN字符串中,可能导致身份欺骗、LDAP目录枚举或通过身份验证响应提取LDAP属性值。
CVSS Information
N/A
Vulnerability Type
N/A