On Fri, Jan 23, 2004 at 01:12:48PM +0200, Ian Forbes wrote:
>Hello All
>
>I discovered this morning that our web server has been exploited for the
>relaying of spam. It has the latest "cgiemail" program distributed with
>Debian installed on it.

I've set up a temporary form with a 'subject' field to test the possible
vulnerability at:

http://sikuani.its.monash.edu.au/ams/cgiemail.html

The corresponding template is at:

http://sikuani.its.monash.edu.au/template/test

The cgiemail version is 1.6-14 (stable).

Is my form similar to the form that you are/were using? If yes, could
you please tell us how to make it relay email?

>First thing I did was disable the cgiemail executable to stop the flow
>of spam.
>
>Then I did some research. This is not a totally new scenario. After a
>little web searching I have found:
>
>1) An open bug report:
>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=222870
>
>2) A demonstration of the exploit on bugtraq:
>http://seclists.org/lists/bugtraq/2002/Jun/0151.html
>
>3) A patch which might fix the problem
>http://www.securityfocus.com/archive/1/340174
>
>4) An updated upstream version which may also fix the problem
>http://web.mit.edu/wwwdev/cgiemail/cgiemail-beta.tar.gz
>
>I am not a C expert so I am reluctant to attempt to patch or recompile
>the thing myself. However maybe somebody out there can help.
>
>Also I get the feeling that cgiemail is past its sell-by date and that
>we should be looking for an alternative more secure and actively
>supported program that is distributed with Debian (preferably woody).
>Any suggestions what we could use?
>
>This won't remove the requirement for us to carry on using cgiemail, many
>of the pages we host use it. However maybe we should start weaning the
>webmasters onto something new.
>
>Thanks
>
>Ian
>
>--
>Ian Forbes ZSD
>http://www.zsd.co.za
>Office: +27 21 683-1388 Fax: +27 21 674-1106
>Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa

Anibal Monsalve Salazar
--
 .''`.  Debian GNU/Linux      | Building 28C
: :' :  Free Operating System | Monash University VIC 3800
`. `'   http://debian.org/    | Australia
  `-                          |