On page 158 of Lincoln Stein's "Web Security" book, FormMail (version 1) is listed as 
having a vulnerability allowing remote users to execute commands with server 
privileges.  The book is rather dated (copyright 1998), but if that's the version 
being run then yes, there is a published vulnerability.

One thing you might try (if you know Perl) is running the script with taint checking 
turned on.  You should have all your Perl scripts running with taint checking turned 
on.  To turn on taint checking, simply change the first line from..
#!/usr/bin/perl
to
#!/usr/bin/perl -Tw

The important part is that a) the first line has a '-T' and b) it also has 'w'.  I'm 
not sure what system you're running on (and I don't want to know for security 
reasons).  If it's a WIN32 system, then the first line should be..
#!c:\perl\bin\perl -Tw

The "w" switch turns warnings on.  This way, if there are tainted variables and with 
warnings turned on, they should be revealed.

Lincoln Stein maintains a FAQ on the Internet (http://www.w3.org/Security/Faq/).  You 
could read it over just as an FYI and help with Perl.  It's informative and a simple 
read.

-- 
Jim Willmore
[EMAIL PROTECTED]
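The following is an added illustration of the taint-mode advice above; it is not code from the thread, from FormMail, or from Lincoln Stein. It shows what `-Tw` actually does for a form-to-mail CGI: data read from the environment is tainted, Perl refuses to pass it to a piped open until it has been extracted through a regex, and an allow-list of recipients is what prevents the script being used as an open mail relay. The form decoding, the `%ALLOWED_RECIPIENTS` hash and the example addresses are assumptions made for this example.

```perl
#!/usr/bin/perl -Tw
# Added example, not from the original thread or from FormMail.
# Demonstrates Perl taint mode (-T) on a small form-to-mail CGI.
# Assumptions: the recipient arrives in the form field "recipient";
# %ALLOWED_RECIPIENTS is a hypothetical allow-list the site admin edits.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T everything from %ENV and STDIN is tainted. PATH must be set to
# a fixed safe value or perl refuses to start external programs at all.
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical allow-list: only these addresses may ever receive mail from
# this form. Without such a list any recipient can be supplied, which is
# exactly how a form-mailer turns into a spam relay.
my %ALLOWED_RECIPIENTS = map { $_ => 1 } (
    'webmaster@example.edu',
    'helpdesk@example.edu',
);

# Minimal GET form decoding, constructed for the example (a real script
# would use CGI.pm). The returned string is tainted because it comes from %ENV.
sub form_field {
    my ($name) = @_;
    my $qs = $ENV{QUERY_STRING} || '';
    for my $pair (split /&/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && $k eq $name;
        $v = '' unless defined $v;
        $v =~ tr/+/ /;
        $v =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
        return $v;
    }
    return;
}

# The only way to remove taint is to pull the value out of a regex capture.
# The pattern is deliberately narrow (no spaces, commas, angle brackets or
# newlines, so no extra header lines can be smuggled in), and even a
# well-formed address is rejected unless it is on the allow-list.
sub untaint_recipient {
    my ($raw) = @_;
    return unless defined $raw;
    my ($addr) = $raw =~ /\A([\w.+-]+\@[\w-]+(?:\.[\w-]+)+)\z/ or return;
    return unless $ALLOWED_RECIPIENTS{$addr};
    return $addr;    # untainted and allow-listed
}

print "Content-type: text/plain\n\n";

my $raw = form_field('recipient');
printf "raw recipient %s tainted\n",
    (defined $raw && tainted($raw)) ? 'is' : 'is not';

my $to = untaint_recipient($raw);
if (!defined $to) {
    print "Recipient not permitted.\n";
    exit 0;
}

# With -T this piped open dies with "Insecure dependency in piped open" if
# $to is still tainted; after untainting it runs. The list form of open()
# hands the arguments straight to sendmail and never to a shell.
open my $mail, '|-', '/usr/sbin/sendmail', '-oi', '--', $to
    or die "cannot run sendmail: $!";
print $mail "To: $to\nSubject: Form submission\n\nform contents here\n";
close $mail or die "sendmail failed: $!";
print "Message queued for $to\n";
```

Two practical notes: the `-T` on the shebang line only takes effect when the web server starts the script through that line (or you run `perl -Tw script.pl` yourself); running `perl script.pl` on a script whose first line carries `-T` stops with "Too late for -T". And taint mode does not decide what is safe, it only forces you to untaint explicitly, so the security of the script still rests on the regex and the allow-list being strict.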

On Wed, 20 Feb 2002 16:09:17 -0700 (MST)
Lisa Bogar <[EMAIL PROTECTED]> wrote:

> 
> Someone on campus called me yesterday inquiring about how to stop relaying
> through sendmail.  He thought he had configured his sendmail.cf to not
> allow relaying, but then got notified he was relaying mail.  Today after
> some searching he found some information about FormMail.pl where it can be
> used to cause your webserver to relay mail.  He found his information from
> www.8wire.com.  Is anyone else familiar with this and have you encountered
> it?  The logs show attacks targeted at the cgi-bin that sent out tons of
> porno spam.
> 
> Just trying to find out more information and I am surprised if it is
> indeed happening why I haven't seen anything on CERT or bugtraq.
> 
> TIA
> Lisa
> 
> **************************************
> *  Lisa L. Bogar                     *
> *  Montana State University-Bozeman  *
> *  Information Technology Center     *
> *  Bozeman, MT 59717-3240            *
> *                                    *
> *  Phone:  (406) 994-7887            *
> *  FAX:    (406) 994-4600            *
> *  email:  [EMAIL PROTECTED]        *
> **************************************
