Re: <victim>server formmail.pl exploit in the wild

From: Christopher X. Candreva (chrisat_private)
Date: Fri Apr 12 2002 - 13:25:59 PDT

Next message: Christopher Albert: "qestions about a rooted RH7.1 box"

Previous message: Robert Zilbauer: "RE: <victim>server formmail.pl exploit in the wild"
In reply to: Noel Rosenberg: "Re: <victim>server formmail.pl exploit in the wild"
Next in thread: Andrew Daviel: "Re: <victim>server formmail.pl exploit in the wild"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 12 Apr 2002, Noel Rosenberg wrote:

> FormMail 1.9 (and lower) is insecure and should be replaced.

For anyone looking for a replacement, I hightly recomend cgiemail from MIT:

http://web.mit.edu/wwwdev/cgiemail/

It takes all it's information from a plain text file template, so spoofing
from fields shouldn't come in to play.

==========================================================
Chris Candreva  -- chrisat_private -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Christopher Albert: "qestions about a rooted RH7.1 box"
Previous message: Robert Zilbauer: "RE: <victim>server formmail.pl exploit in the wild"
In reply to: Noel Rosenberg: "Re: <victim>server formmail.pl exploit in the wild"
Next in thread: Andrew Daviel: "Re: <victim>server formmail.pl exploit in the wild"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 13:35:55 PDT