GEN:SID | 1:884 |
Message | WEB-CGI formmail access |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the CGI web application Formmail running on a server.
|
Impact | Several vulnerabilities include server access, information disclosure, spam relaying and mail anonymizing.
|
Detailed Information | This event is generated when an attempt is made to access the perl cgi script Formmail. Early versions (1.6 and prior) had several vulnerabilities (Spam engine, ability to run commands under server id and set environment variables) and should be upgraded immediately. Newer versions can still be used by spammers for anonymizing email and defeating email relay controls.
|
Affected Systems | All systems running Formmail
|
Attack Scenarios | Information can be appended to the URL to use your mail gateway avoiding SMTP relay controls. HTTP header information can be manipulated to avoid access control methods in script. Allows SMTP exploits that are normally available only to trusted (local) users such as Sendmail % hack.
|
Ease of Attack | Simple. Exploits exist.
|
Corrective Action | Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied.
|
Additional References | |
Rule References | arachnids: 226
bugtraq: 1187
bugtraq: 2079
cve: 1999-0172
cve: 2000-0411
nessus: 10076
nessus: 10782
|