GNU bug report logs - #49260
Vulnerability Report [Misconfigured DMARC Record Flag]

Package: gnuzilla;

Reported by: Cyber Zeus <cyberzeus111 <at> gmail.com>

Date: Mon, 28 Jun 2021 17:32:02 UTC

Severity: normal

Merged with 54714

Done: Mark H Weaver <mhw <at> netris.org>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Mark H Weaver <mhw <at> netris.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#49260: closed (Vulnerability Report [Misconfigured DMARC Record Flag])
Date: Sat, 17 Jul 2021 06:14:02 +0000
[Message part 1 (text/plain, inline)]
Your message dated Sat, 17 Jul 2021 02:11:51 -0400
with message-id <877dhpsc3h.fsf <at> netris.org>
and subject line Re: bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]
has caused the debbugs.gnu.org bug report #49260,
regarding Vulnerability Report [Misconfigured DMARC Record Flag]
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
49260: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=49260
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Cyber Zeus <cyberzeus111 <at> gmail.com>
To: bug-gnuzilla <at> gnu.org
Subject: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Mon, 28 Jun 2021 22:28:23 +0500
[Message part 3 (text/plain, inline)]
Hi Team,
I am an independent security researcher and I have found a bug in your
website. The details of it are as follows:

Description: This report is about a misconfigured DMARC/SPF record flag,
which can be used for malicious purposes as it allows for fake mailing on
behalf of respected organizations.

About the Issue:
As I have seen the DMARC record for
gnu.org <bug-gnuzilla <at> gnu.org>

which is:
DMARC Policy Not Enabled
DMARC Not Found

As you can see, you have a weak SPF record; a valid record should be like:

DMARC Policy Enabled

What's the issue:
An SPF/DMARC record is a type of Domain Name Service (DNS) record that
identifies which mail servers are permitted to send an email on behalf of
your domain. The purpose of an SPF/DMARC record is to prevent spammers from
sending messages on the behalf of your organization.

Attack Scenario: An attacker will send a phishing mail or any other malicious
mail to the victim via the mail address:

bug-gnuzilla <at> gnu.org

Even if the victim is aware of phishing attacks, he will check the origin
email, which came from your genuine mail id
bug-gnuzilla <at> gnu.org

so he will think that it is a genuine mail and get trapped by the attacker.
The attack can be done using any PHP mailer tool like this:

<?php
$to = "VICTIM <at> example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]";
$headers = "From: bug-gnuzilla <at> gnu.org";
mail($to, $subject, $txt, $headers);
?>

You can also check your DMARC/SPF record from: MXTOOLBOX

Reference:
https://support.google.com/a/answer/2466580?hl=en
Have a look at the Google article for a better understanding!

[Message part 7 (message/rfc822, inline)]
From: Mark H Weaver <mhw <at> netris.org>
To: Ian Kelling <iank <at> fsf.org>, Cyber Zeus <cyberzeus111 <at> gmail.com>
Cc: 49260-done <at> debbugs.gnu.org
Subject: Re: bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Sat, 17 Jul 2021 02:11:51 -0400
Ian Kelling <iank <at> fsf.org> writes:

> We have a DMARC policy. It is called "none". We are not doing anything
> insecure or unusual, for example it is the same one that google uses:
>
> $ host -t txt _dmarc.gmail.com
> _dmarc.gmail.com descriptive text "v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-reports <at> google.com"
> $ host -t txt _dmarc.gnu.org
> _dmarc.gnu.org descriptive text "v=DMARC1; p=none; rua=mailto:dmarc-rua <at> fsf.org"
>
> Someone can close this bug.

Agreed.  I'm closing this bug now.  Thanks, Ian.

      Mark

-- 
Disinformation flourishes because many people care deeply about injustice
but very few check the facts.  Ask me about <https://stallmansupport.org>.
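As an added example (not part of the bug report, the tracker, or GNU/FSF infrastructure), a small Python parser for DMARC TXT records that makes the distinction at the heart of this thread explicit: "no DMARC record" versus a published policy of p=none (monitoring only, reports delivered to the rua address). The gmail.com and gnu.org records are the ones Ian quotes with the tracker's <at> obfuscation expanded back to @; the example.net record and the lookup table itself are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed lookup table standing in for DNS: the two records quoted in the
# thread plus a constructed enforcing record. A missing key means "no record".
SAMPLE_TXT = {
    "_dmarc.gmail.com": "v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-reports@google.com",
    "_dmarc.gnu.org": "v=DMARC1; p=none; rua=mailto:dmarc-rua@fsf.org",
    "_dmarc.example.net": "v=DMARC1; p=reject; pct=100; adkim=s; aspf=s",  # constructed
}

@dataclass
class DmarcPolicy:
    p: str        # policy for the organizational domain
    sp: str       # subdomain policy, defaults to p
    pct: int      # percentage of failing mail the policy applies to
    adkim: str    # DKIM alignment mode, r(elaxed) or s(trict)
    aspf: str     # SPF alignment mode, r(elaxed) or s(trict)
    rua: list     # aggregate-report destinations

def parse_dmarc(txt: str) -> Optional[DmarcPolicy]:
    """Parse a DMARC record's tag=value list (RFC 7489 syntax); None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    # 'v=DMARC1' must be the first tag and 'p' is required with a known value.
    first = txt.split(";", 1)[0].strip().lower()
    p = tags.get("p", "").lower()
    if first != "v=dmarc1" or p not in ("none", "quarantine", "reject"):
        return None
    return DmarcPolicy(
        p=p,
        sp=tags.get("sp", p).lower(),
        pct=int(tags.get("pct", "100")),
        adkim=tags.get("adkim", "r").lower(),
        aspf=tags.get("aspf", "r").lower(),
        rua=[u.strip() for u in tags.get("rua", "").split(",") if u.strip()],
    )

def assess(domain: str, lookup=SAMPLE_TXT.get) -> str:
    """Classify a domain the way a mail receiver would, not the way a scanner's red flag does."""
    txt = lookup(f"_dmarc.{domain}")
    if txt is None:
        return "no DMARC record"
    pol = parse_dmarc(txt)
    if pol is None:
        return "malformed DMARC record"
    if pol.p == "none":
        return "DMARC published, monitoring only (p=none); aggregate reports to: " + (", ".join(pol.rua) or "nobody")
    return f"DMARC enforcing (p={pol.p}, pct={pol.pct})"
```

A scanner that reports "DMARC Not Found" for a p=none record is conflating the two first branches of assess(); only the first means the domain has published nothing.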
