Published: 2006/02/28  Last Updated: 2008/05/21

JVN#65542239
Hyper NIKKI System allows unauthorized email submission

Overview

Hyper NIKKI System (hns) is weblog software from the Hyper NIKKI System Project. Because hns does not properly validate input, it allows unauthorized email submission.

Products Affected

  • hns-2.19.6 (hns-lite-2.19.6) and earlier

On March 8, 2006, the vendor announced that a problem exists in make-rurimap.cgi of hns-2.19.7 and released hns-2.19.8. For more information, refer to the vendor's website.

Description

Impact

An attacker could use the server to send unauthorized emails. In addition, when the server provides email service, the attacker could possibly conduct a DoS attack by generating many bounced emails.

Solution

Vendor Status

Vendor | Status | Last Update | Vendor Notes
HyperNikkiSystem Project | Vulnerable | 2006/03/07 |

References

JPCERT/CC Addendum

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000605

Update History