Re: <victim>server formmail.pl exploit in the wild

From: Christopher X. Candreva (chrisat_private)
Date: Fri Apr 12 2002 - 13:25:59 PDT

  • Next message: Christopher Albert: "qestions about a rooted RH7.1 box"

    On Fri, 12 Apr 2002, Noel Rosenberg wrote:
    
    > FormMail 1.9 (and lower) is insecure and should be replaced.
    
    For anyone looking for a replacement, I hightly recomend cgiemail from MIT:
    
    http://web.mit.edu/wwwdev/cgiemail/
    
    It takes all it's information from a plain text file template, so spoofing
    from fields shouldn't come in to play.
    
    ==========================================================
    Chris Candreva  -- chrisat_private -- (914) 967-7816
    WestNet Internet Services of Westchester
    http://www.westnet.com/
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 13:35:55 PDT