Important news for webmasters!
Widely used FormMail.pl Web-to-Email CGI Script Allows Unauthorized Users to Send Mail (e.g., spam) Anonymously. - March 16, 2001
For a full description see
http://securitytracker.com/alerts/2001/Mar/1001108.html
A patched version of the perl script is available at
http://www.mailvalley.com/formmail/
The patched version of the script:
1) Allows you to specify, in a text file, a list of recipients who are authorized to receive emails. The script will only send mail to addresses listed in this file, which protects against the spam exploit.
2) Prevents unauthorised users from fetching your server's environment variables through the formmail script.
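One way a recipient allow-list like the one in point 1 can work, shown as an added Perl example that is not the patched script's own code. The allow-list format (one address per line), the sub names and the sample addresses are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the patched FormMail code. The allow-list format
# (one address per line) and the sub names are assumptions.
use strict;
use warnings;
use File::Temp qw(tempfile);

# Read the allow-list; blank lines and '#' comments are skipped.
sub load_allowed {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot read allow-list $path: $!";
    my %allowed;
    while (my $line = <$fh>) {
        $line =~ s/^\s+|\s+$//g;              # trim, including line ending
        next if $line eq '' || $line =~ /^#/;
        $allowed{lc $line} = 1;
    }
    close($fh);
    return \%allowed;
}

# Return the normalised recipients only if EVERY address in the form field
# is on the list; otherwise return an empty list (fail closed).
sub check_recipients {
    my ($field, $allowed) = @_;
    my @to;
    for my $addr (split /,/, defined $field ? $field : '') {
        $addr =~ s/^\s+|\s+$//g;
        return () unless $addr ne '' && $allowed->{lc $addr};
        push @to, lc $addr;
    }
    return @to;
}

# Constructed sample allow-list and form values.
my ($tmp, $path) = tempfile(UNLINK => 1);
print {$tmp} "# site contacts\nsales\@example.com\nSupport\@example.com\n";
close($tmp);
my $allowed = load_allowed($path);

for my $value ('sales@example.com',
               'SUPPORT@example.com, sales@example.com',
               'sales@example.com, someone@elsewhere.example',
               '') {
    my @to = check_recipients($value, $allowed);
    print "'$value' => ", (@to ? "send to @to" : "refused"), "\n";
}
```

The check compares whole addresses against the list rather than matching a domain or substring, so a form value is refused as soon as one recipient in it is not listed.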