Bugtraq mailing list archives
Simple CGI email handler, fixed
From: boutell () boutell com (Tom)
Date: Sat, 5 Aug 1995 13:35:51 GMT
There is a new version (2.1) available at the URL http://siva.cshl.org/email/index.html that does not have the security problem discussed here (tilde escapes). The problem went unfixed because it doesn't happen under SunOS, as those who attempted to demonstrate it to me presumably found out. Apologies for not having fixed it sooner. -T
Current thread:
- PERL (was: Re: SECURITY HOLE: FormMail), (continued)
- PERL (was: Re: SECURITY HOLE: FormMail) VaX#n8 (Aug 07)
- Re: PERL (was: Re: SECURITY HOLE: FormMail) Philip Guenther (Aug 07)
- Guidelines for cgi-bin scripts Lee Silverman (Aug 08)
- Re: Guidelines for cgi-bin scripts Dave Andersen (Aug 08)
- Re: Guidelines for cgi-bin scripts Christian Wettergren (Aug 09)
- PERL (was: Re: SECURITY HOLE: FormMail) VaX#n8 (Aug 07)
- Re: SECURITY HOLE: FormMail Andrew Macpherson (Aug 03)
- Re: SECURITY HOLE: FormMail Christian Wettergren (Aug 04)
- Re: SECURITY HOLE: FormMail Neil Woods (Aug 05)
- More holes, was: Re: SECURITY HOLE: FormMail Ivo (Aug 05)
- My email handler, ~ escapes, etc. Tom (Aug 05)
- Simple CGI email handler, fixed Tom (Aug 05)
- Re: SECURITY HOLE: FormMail Christian Wettergren (Aug 04)
- Re: SECURITY HOLE: FormMail Andrew Macpherson (Aug 04)
- Re: SECURITY HOLE: FormMail Jukka Ukkonen (Aug 07)