Re: [SLUG] Vulnerability in formmail.pl

From: Paul M Foster (paulf@quillandmouse.com)
Date: Sat Sep 21 2002 - 20:48:38 EDT


On Fri, Sep 20, 2002 at 10:33:14PM -0400, Smitty wrote:

> I just got off irc and worked with a sysadmin there on a problem with
> formmail.pl in apache that allows a malicious third party to use the http
> daemon as a open relay.
> watched the spammer spew from 205.200.3.17 to the aol domain.
> Solution is to not use formmail.pl or edit it to clean up the regexs.
> Smitty

I believe this is a known exploit of formmail. The most recent version
contains a filter that limits to whom formmail emails may go. This may
be a specific domain or a specific user. This means, of course, that it
is not useful as an internet-server wide cgi, but must be in the
individual site's cgi-bin directory (and naturally, customized for that
domain). I just had to deal with this issue on a site I admin.

Paul



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:56:54 EDT