• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

FormMail Recipient CGI Variable Spamming Vulnerability

Solution:
A SourceForge project, entitled nms, has been started to serve as a repository for user-supplied replacements for various Matt Wright scripts. Users intent on using this software should investigate nms at the following URL:

http://nms-cgi.sourceforge.net/

Various workarounds have been suggested which address this issue from various angles. No vendor supplied fix seems to completely address this issue.

Parameshwar Babu <babuweb@mailvalley.com> has supplied a patch:


Matt Wright FormMail 1.6

• Parameshwar Babu Mailvalley pppfile.pl
  http://www.mailvalley.com/formmail/