Skip to content

Vulnerability in common implementation of SPF/SenderID protocol

By Ken Simpson | 2 minute read

Dan Kaminsky, who is one of our technical advisers and a principle at security consultancy IOActive, recently discovered a vulnerability in the libspf2 software library, which provides SPF/SenderID validation in a wide variety of open source and commercial mail servers. This vulnerability is particularly important for the Internet community for a couple of reasons:

  1. The vulnerability can be exploited simply by creating a special record in the Domain Name System (DNS). By burying the exploit code within the DNS, the exploit can more easily pass through network firewalls and intrusion prevention systems, most of which do not check for vulnerabilities in DNS records.
  2. Email servers are usually located in the “De-militarized zone” of an organization’s network, which means they have access both to public Internet systems as well as private internal systems. By exploiting this flaw in libspf2, an attacker can potentially gain access to a company’s directory servers and internal email servers (such as Microsoft Exchange servers). This has obvious and quite severe privacy implications.

If you run your own mail server, you should check to see that you have the latest libspf2 library (version 1.2.8) installed. If you use a commercial spam filtering system, you should check with your vendor to ensure that they have upgraded, or download Traffic Control, which is not affected by this vulnerability.

Cut your support tickets and make customers happier