formail (was moron at perl/cgi)

Victor Odhner vodhner at cox.net
Thu Jan 12 07:07:28 MST 2006


Craig White wrote:

>Downloaded a simple perl-cgi script called ForMail.pl
>
>getting fast and loose with permissions...
>  
>
I trust you know this, but ...


ForMail has some legendary security holes, due to its trust
of user data.  Just google for "formail exploit"
to see 22 pages of references.
This script is a poster child for bad CGI usage.
Being under SELinux would be no protection here.

Vic


