RE: [Nms-cgi-devel] Formmail insecurities

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Tue, 29 Jan 2002, Paul Roub wrote:

> I'd be interested in taking a stab at fixing the insecurities noted in this
> advisory -- this is certainly an area where doing a better job can have a
> tremendous impact.
>

I fixed two of them in :

uid=68026(gellyfish) gid=100(users)
groups=100(users),7054(xmlxslt),40625(nms-cgi)
formmail FormMail.pl,1.26,1.27
Sun Jan 27 05:59:08 PST 2002
Update of /cvsroot/nms-cgi/formmail
In directory usw-pr-cvs1:/tmp/cvs-serv14246

Modified Files:
        FormMail.pl
Log Message:
Issues from  http://www.monkeys.com/anti-spam/formmail-advisory.pdf
* Left anchored regex to check referer
* If $secure and no referer supplied then croak

/J\
-- 
Jonathan Stowe                      |
<http://www.gellyfish.com>          |      This space for rent
                                    |