Reported December 12, 2000 by XATO
Multiple vulnerabilities have been discovered in command-line mailers. Vulnerabilities range from Denial of Service (DoS) attacks to information leakage and the writing and retrieving of unauthorized data.
the mailer software is located in the /cgi-bin directory on the Web
server, a user can launch it with the following URL:
[email protected]%20-t%[email protected]
Additionally, other problems include the ability to let INI and log files reside in the same directory as the mailer; override the default settings; modify hidden form variables; exploit debug modes; monitor all mail sent through the server; use the mailer as a bounce point for port scans; use the mailer as a bounce point for brute-force password attacks.
Check your vendors web site for fix and upgrade information.