Hello All,

I discovered this morning that our web server has been exploited for the relaying of spam. It has the latest "cgiemail" program distributed with Debian installed on it.

First thing I did was disable the cgiemail executable to stop the flow of spam. Then I did some research. This is not a totally new scenario. After a little web searching I have found:

1) An open bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=222870
2) A demonstration of the exploit on bugtraq: http://seclists.org/lists/bugtraq/2002/Jun/0151.html
3) A patch which might fix the problem: http://www.securityfocus.com/archive/1/340174
4) An updated upstream version which may also fix the problem: http://web.mit.edu/wwwdev/cgiemail/cgiemail-beta.tar.gz

I am not a C expert, so I am reluctant to attempt to patch or recompile the thing myself. However, maybe somebody out there can help.

Also, I get the feeling that cgiemail is past its sell-by date and that we should be looking for an alternative, more secure and actively supported program that is distributed with Debian (preferably woody). Any suggestions what we could use? This won't remove the requirement for us to carry on using cgiemail; many of the pages we host use it. However, maybe we should start weaning the webmasters onto something new.

Thanks

Ian

--
Ian Forbes
ZSD
http://www.zsd.co.za
Office: +27 21 683-1388
Fax: +27 21 674-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa
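The post links to the exploit write-up but does not say how a form mailer gets turned into a spam relay. The Python below is an added example, not code from the post, from cgiemail or from Debian. It assumes the usual failure mode of template-driven form mailers: a form field is substituted into a mail header with no newline filtering, so an encoded LF in the field ends the Subject line and lets the poster append a Bcc: line of their own. The weak builder shows that, and the hardened builder shows the two properties a replacement (or a patched cgiemail) needs: recipients fixed server-side, and CR/LF rejected in anything that reaches a header. The template, field names, addresses and the attack string are all constructed for illustration.

```python
# Added example (not cgiemail's code): how unchecked form fields in mail
# headers create an open relay, and the check that stops it.
# Template, field names and addresses below are constructed for illustration.
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses
from urllib.parse import parse_qs

# Recipients are fixed on the server; the browser never chooses them.
ALLOWED_RECIPIENTS = {"webmaster@example.org"}          # hypothetical address
SENDER = "www-data@example.org"                          # hypothetical address

# Constructed template in the %field% style of a template-driven form mailer.
TEMPLATE = "To: webmaster@example.org\nSubject: %subject%\n\n%comment%\n"


class HeaderInjection(ValueError):
    """Raised when a form field tries to smuggle an extra header line."""


def parse_form(query: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into {name: value}."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def naive_build(form: dict, template: str) -> str:
    """Weak variant: substitute %field% into the template with no filtering.
    A value containing %0A (LF) ends the Subject line and starts a new header."""
    return re.sub(r"%(\w+)%", lambda m: form.get(m.group(1), ""), template)


def recipients(rendered: str) -> list:
    """Every address an MTA would deliver the rendered message to."""
    msg = message_from_string(rendered)
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr for _, addr in getaddresses(fields)]


def header_value(form: dict, name: str, maxlen: int = 200) -> str:
    """Accept a field for a header only if it cannot terminate the header line."""
    value = form.get(name, "")
    if re.search(r"[\r\n\x00]", value):
        raise HeaderInjection(f"newline in header field {name!r}")
    return value[:maxlen]


def hardened_build(form: dict, to: str) -> EmailMessage:
    """Hardened variant: fixed recipient, filtered header fields, body via set_content."""
    if to not in ALLOWED_RECIPIENTS:
        raise HeaderInjection(f"recipient {to!r} not in server-side allow list")
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = to
    msg["Subject"] = header_value(form, "subject")
    reply_to = header_value(form, "email")
    if reply_to:
        # Minimal shape check; a real deployment would be stricter.
        if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", reply_to):
            raise HeaderInjection("malformed reply address")
        msg["Reply-To"] = reply_to
    # Newlines in the body are harmless: set_content keeps them out of the headers.
    msg.set_content(form.get("comment", ""))
    return msg


# Constructed attack: the subject field carries an encoded LF and a Bcc header.
ATTACK = "subject=Hello%0ABcc:+victim%40example.net&comment=buy+now"
# Constructed legitimate submission; the body may contain newlines freely.
CLEAN = "subject=Hello&email=alice%40example.com&comment=line+one%0Aline+two"

if __name__ == "__main__":
    print("naive delivers to:", recipients(naive_build(parse_form(ATTACK), TEMPLATE)))
    try:
        hardened_build(parse_form(ATTACK), "webmaster@example.org")
    except HeaderInjection as err:
        print("hardened rejected:", err)
    print("clean subject:", hardened_build(parse_form(CLEAN), "webmaster@example.org")["Subject"])
```

The `recipients()` helper is also a cheap way to audit a mailer you do not want to read the C of: feed it the message a patched build renders for an attack string like `ATTACK` and confirm only the server-side address comes back.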