Security Incidents mailing list archives
Re: <victim>server formmail.pl exploit in the wild
From: "Christopher X. Candreva" <chris () westnet com>
Date: Fri, 12 Apr 2002 16:25:59 -0400 (EDT)
On Fri, 12 Apr 2002, Noel Rosenberg wrote:
FormMail 1.9 (and lower) is insecure and should be replaced.
For anyone looking for a replacement, I hightly recomend cgiemail from MIT: http://web.mit.edu/wwwdev/cgiemail/ It takes all it's information from a plain text file template, so spoofing from fields shouldn't come in to play. ========================================================== Chris Candreva -- chris () westnet com -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- <victim>server formmail.pl exploit in the wild Andrew Daviel (Apr 12)
- Re: <victim>server formmail.pl exploit in the wild Noel Rosenberg (Apr 12)
- Re: <victim>server formmail.pl exploit in the wild Christopher X. Candreva (Apr 12)
- <Possible follow-ups>
- Re: <victim>server formmail.pl exploit in the wild Justin Shore (Apr 12)
- Re: <victim>server formmail.pl exploit in the wild mike maxwell (Apr 12)
- RE: <victim>server formmail.pl exploit in the wild Robert Zilbauer (Apr 12)
- RE: <victim>server formmail.pl exploit in the wild Benjamin Tomhave (Apr 14)
- Re: <victim>server formmail.pl exploit in the wild Andrew Daviel (Apr 14)
- Re: <victim>server formmail.pl exploit in the wild Kee Hinckley (Apr 15)
- Re: <victim>server formmail.pl exploit in the wild Andrew Daviel (Apr 15)
- Re: <victim>server formmail.pl exploit in the wild Kee Hinckley (Apr 15)
- Re: <victim>server formmail.pl exploit in the wild Kee Hinckley (Apr 15)
- Re: <victim>server formmail.pl exploit in the wild Noel Rosenberg (Apr 12)