Published:2006/08/23  Last Updated:2008/05/21

JVN#11048526
mail f/w system vulnerable to allow unauthorized email transmissionk

Overview

mail f/w system is software that enables the the emailing of the contents of a form.
A vulnerability exists in mail f/w system that allows a remote attacker to send email to arbitrary addresses, due to inadequate validation of certain values in mail headers.

Products Affected

  • mail f/w system 8.2 and earlier

Description

Impact

A remote attacker may exploit this vulnerability to send unsolicited mails to arbitrary email addresses.

Solution

Vendor Status

Vendor Link
CGI RESCUE http://www.rescue.ne.jp/
http://www.rescue.ne.jp/cgi/formd/
http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20060822210549

References

JPCERT/CC Addendum

Credit

Tomohito Yoshino of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000648

Update History