Tenable Network Security
Solutions Products Nessus Demos Partners Online Store
Nessus
Download
Plugins
     Newest Plugins
     Obtain an activation code
     View all plugins
     Search
Documentation
Register
Buy Now
ProfessionalFeed Support
Bugs
All the Tenable Products

Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay
This script is Copyright (C) 1999-2010 Mathieu Perrin

FamilyCGI abuses
Nessus Plugin ID10076 (formmail_pl.nasl)
Bugtraq ID2079
CVE IDCVE-1999-0172

Description:
Synopsis :

Arbirtrary commands might be run on the remote host.

Description :

The 'formmail.pl' is installed. This CGI has a well known security flaw
that lets anyone execute arbitrary commands with the privileges of the
HTTP daemon (root or nobody).

Solution :

Remove it from /cgi-bin.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
About us | Whitepapers | Training | Discussion Forums | Support Portal | Blog | RSS feeds | Contact us | Legal | Privacy

© Copyright 2002 - 2010 Tenable Network Security(R). All Rights Reserved.

This is the web site for the Nessus Vulnerability Scanner from Tenable Network Security. If you are looking for the probabilistic analysis software from Southwest Research Institute, please visit www.nessus.swri.org