Re: <victim>server formmail.pl exploit in the wild
From: Christopher X. Candreva (chris@westnet.com)Date: 04/12/02
- Previous message: Robert Zilbauer: "RE: <victim>server formmail.pl exploit in the wild"
- In reply to: Noel Rosenberg: "Re: <victim>server formmail.pl exploit in the wild"
- Next in thread: Andrew Daviel: "Re: <victim>server formmail.pl exploit in the wild"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 12 Apr 2002 16:25:59 -0400 (EDT) From: "Christopher X. Candreva" <chris@westnet.com> To: incidents@securityfocus.com
On Fri, 12 Apr 2002, Noel Rosenberg wrote:
> FormMail 1.9 (and lower) is insecure and should be replaced.
For anyone looking for a replacement, I hightly recomend cgiemail from MIT:
http://web.mit.edu/wwwdev/cgiemail/
It takes all it's information from a plain text file template, so spoofing
from fields shouldn't come in to play.
==========================================================
Chris Candreva -- chris@westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Robert Zilbauer: "RE: <victim>server formmail.pl exploit in the wild"
- In reply to: Noel Rosenberg: "Re: <victim>server formmail.pl exploit in the wild"
- Next in thread: Andrew Daviel: "Re: <victim>server formmail.pl exploit in the wild"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
