GNU bug report logs - #54714 Vulnerability Report [Misconfigured DMARC Record Flag]
Report forwarded to bug-gnuzilla <at> gnu.org: bug#54714; Package gnuzilla. (Mon, 04 Apr 2022 19:47:01 GMT)
Acknowledgement sent to Cyber Zeus <cyberzeus111 <at> gmail.com>: New bug report received and forwarded. Copy sent to bug-gnuzilla <at> gnu.org. (Mon, 04 Apr 2022 19:47:01 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hi team
I hope you're having a good day. It's been a while since I've heard from
you. I want to inquire about the bug bounty for reporting the vulnerability.
-Zeus
On Mon, Feb 28, 2022 at 10:34 PM Cyber Zeus <cyberzeus111 <at> gmail.com> wrote:
> Hi team,
> It's been a while. Kindly update me on the report that I've submitted.
> -Zeus
>
>
> On Tue, Dec 14, 2021 at 12:20 AM Cyber Zeus <cyberzeus111 <at> gmail.com>
> wrote:
>
>> Hi team,
>> Kindly update me on the report that I've submitted.
>> -zeus
>>
>> On Tue, Jul 13, 2021 at 11:02 AM Cyber Zeus <cyberzeus111 <at> gmail.com>
>> wrote:
>>
>>> Hi team
>>> Kindly update me with the bug that I have reported.
>>> -Zeus
>>>
>>> On Mon, Jun 28, 2021 at 10:28 PM Cyber Zeus <cyberzeus111 <at> gmail.com>
>>> wrote:
>>>
>>>> Hi Team,
>>>> I am an independent security researcher and I have found a bug in your
>>>> website.
>>>> The details of it are as follows:
>>>>
>>>> Description: This report is about a misconfigured DMARC/SPF record
>>>> flag, which can be used for malicious purposes as it allows for fake
>>>> mailing on behalf of respected organizations.
>>>>
>>>> About the Issue:
>>>> As I have seen, the DMARC record for
>>>> gnu.org <bug-gnuzilla <at> gnu.org>
>>>>
>>>> which is:
>>>> DMARC Policy Not Enabled
>>>> DMARC Not Found
>>>>
>>>> As you can see, you have a weak SPF record; a valid record should be like:
>>>>
>>>> DMARC Policy Enabled
>>>> What's the issue:
>>>> An SPF/DMARC record is a type of Domain Name Service (DNS) record that
>>>> identifies which mail servers are permitted to send an email on behalf of
>>>> your domain. The purpose of an SPF/DMARC record is to prevent spammers from
>>>> sending messages on behalf of your organization.
>>>>
>>>> Attack Scenario: An attacker will send a phishing mail or any other
>>>> malicious mail to the victim from the address:
>>>>
>>>> bug-gnuzilla <at> gnu.org
>>>>
>>>>
>>>> Even if the victim is aware of phishing attacks, he will check the
>>>> origin email, which came from your genuine mail id
>>>> bug-gnuzilla <at> gnu.org
>>>>
>>>>
>>>> so he will think that it is a genuine mail and get trapped by the
>>>> attacker.
>>>> The attack can be done using any PHP mailer tool like this:
>>>>
>>>> <?php
>>>> $to = "VICTIM <at> example.com";
>>>> $subject = "Password Change";
>>>> $txt = "Change your password by visiting here - [VIRUS LINK HERE]";
>>>> $headers = "From: bug-gnuzilla <at> gnu.org";
>>>> mail($to, $subject, $txt, $headers);
>>>> ?>
>>>>
>>>> You can also check your DMARC/SPF record at: MXTOOLBOX
>>>>
>>>> Reference:
>>>> https://support.google.com/a/answer/2466580?hl=en
>>>> Have a look at the Google article for a better understanding!
>>>>
>>>>
>>>
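The report's findings ("DMARC Not Found", "DMARC Policy Not Enabled") are what a scanner derives from the TXT records published at `_dmarc.<domain>`. The checker below is an added, defender-side example, not code from the report or from the GNU project; it classifies those records and also flags the cases a quick lookup tends to miss (p=none, pct below 100, duplicate records). Domain names and record strings are constructed samples, not real lookups.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Action a receiver applies to mail failing DMARC alignment, per policy value.
POLICY_ACTION = {"none": "delivered unchanged", "quarantine": "quarantined", "reject": "rejected"}


@dataclass
class DmarcFinding:
    status: str            # not_found | invalid | not_enforced | enforced
    policy: Optional[str]  # the p= tag, if present
    pct: int               # share of failing mail the policy applies to
    detail: str


def parse_dmarc(txt: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' (RFC 7489 syntax) into a dict with lowercase tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt_records: List[str]) -> DmarcFinding:
    """Classify every TXT string returned for _dmarc.<domain> (empty list = no record)."""
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return DmarcFinding("not_found", None, 0, "no v=DMARC1 record at _dmarc")
    if len(dmarc) > 1:
        # RFC 7489 section 6.6.3: more than one record means receivers discard all of them.
        return DmarcFinding("invalid", None, 0, "multiple DMARC records; receivers ignore them")
    tags = parse_dmarc(dmarc[0])
    policy = tags.get("p")
    if policy not in POLICY_ACTION:
        return DmarcFinding("invalid", policy, 0, "missing or unknown p= tag")
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() and int(pct_raw) <= 100 else 100
    if policy == "none":
        return DmarcFinding("not_enforced", policy, pct, "p=none only reports; spoofed mail is still delivered")
    if pct < 100:
        return DmarcFinding("not_enforced", policy, pct, f"only {pct}% of failing mail is {POLICY_ACTION[policy]}")
    return DmarcFinding("enforced", policy, pct, f"failing mail is {POLICY_ACTION[policy]}")


# Constructed sample lookups (hypothetical domains), keyed by domain.
SAMPLE_RECORDS = {
    "none.example": [],
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "partial.example": ["v=DMARC1; p=quarantine; pct=20"],
    "strict.example": ["v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@strict.example"],
}

if __name__ == "__main__":
    for domain, records in SAMPLE_RECORDS.items():
        f = assess_dmarc(records)
        print(f"{domain:16} {f.status:13} p={f.policy} pct={f.pct}: {f.detail}")
```

A policy of `p=reject` (or `quarantine` at `pct=100`) is what turns the report's "Policy Not Enabled" finding into an enforced one; publishing the record only helps if the domain's legitimate senders also pass SPF or DKIM alignment, otherwise their own mail is the first to be rejected.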
Forcibly Merged 49260 54714. Request was from Glenn Morris <rgm <at> fencepost.gnu.org> to control <at> debbugs.gnu.org. (Mon, 04 Apr 2022 19:49:02 GMT)
Information forwarded to bug-gnuzilla <at> gnu.org: bug#54714; Package gnuzilla. (Wed, 06 Apr 2022 20:42:02 GMT)
Message #10 received at 54714 <at> debbugs.gnu.org (full text, mbox):
Cyber Zeus <cyberzeus111 <at> gmail.com> writes:
> Hi team
> I hope you're having a good day. It's been a while since I've heard from
> you. I want to inquire about the bug bounty for reporting the vulnerability.
> -Zeus
We have already responded to your report, here:
https://bugs.gnu.org/49260
Regards,
Mark
--
Disinformation flourishes because many people care deeply about injustice
but very few check the facts. Ask me about <https://stallmansupport.org>.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 05 May 2022 11:24:05 GMT)
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.