BID:2080

Matt Wright FormMail Cross-Site Request Forgery Vulnerability

Info

Matt Wright FormMail Cross-Site Request Forgery Vulnerability

Bugtraq ID:	2080
Class:	Origin Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 01 1997 12:00AM
Updated:	Jan 01 1997 12:00AM
Credit:	Discovery information is not currently known.
Vulnerable:	Matt Wright FormMail 1.8 Matt Wright FormMail 1.7 Matt Wright FormMail 1.6 - Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f - FreeBSD FreeBSD 5.0 - HP HP-UX 11.0 4 - IBM AIX 4.3.2 - Linux kernel 2.3 .x - Linux kernel 2.2 .x - NetBSD NetBSD 1.3.3 - OpenBSD OpenBSD 2.6 - SCO Unixware 7.1.1 - SGI IRIX 6.5.6 - Sun Solaris 8_sparc - Sun SunOS 4.1.4 Matt Wright FormMail 1.5 Matt Wright FormMail 1.4 Matt Wright FormMail 1.3 Matt Wright FormMail 1.2 Matt Wright FormMail 1.1 Matt Wright FormMail 1.0

Not Vulnerable:	Matt Wright FormMail 1.9

Discussion

Matt Wright FormMail Cross-Site Request Forgery Vulnerability

FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user.

A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, "Matt Wright FormMail Remote Command Execution Vulnerability".

Solution / Fix

Matt Wright FormMail Cross-Site Request Forgery Vulnerability

Solution:
The vendor has fixed this issue in FormMail 1.9. Users running previous versions are advised to upgrade.

Matt Wright FormMail 1.0