On Mon, 2003-02-03 at 07:56, Patrick Bucher wrote: > > There is a security-bug in the formmail.pl-script from matt wright. You > can use this script as an kind of "smtp-relay-server". I've found an > secure one located at ftp://ftp.monkeys.com/pub/formmail/ .
No need to go that far : there formmail.pl remplacement in Debian. It is called nms-formail and pages that use formmail.pl will use it without even noticing the change. "nms is an attempt to provide replacements for all of the scripts from Matt's Script Archive. MSA is probably the most well-known archive of CGI programs currently available on the web. Among the Perl community, the MSA scripts are known to be badly-written, buggy and insecure. nms was started when a group of Perl programmers got tired of telling people not to use Matt's programs and getting the reply ``But what shall I use instead?'' formmail is a script which allows you to receive the results of an HTML form submission via an email message."
