Security Advisories (1)
CVE-2002-1271 (2002-11-12)

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.

NAME

Mail::Mailer - Simple interface to electronic mailing mechanisms

SYNOPSIS

require Mail::Mailer;

$mailer = new Mail::Mailer;

$mailer = new Mail::Mailer $command, $type;

$mailer->open(\%headers);

print $mailer $body;

$mailer->close;

DESCRIPTION

$Revision: 1.5 $

TO DO

Assist formatting of fields in ...::rfc822:send_headers to ensure valid in the face of newlines and longlines etc.

Secure all forms of send_headers() against hacker attack and invalid contents. Especially "\n~..." in ...::mail::send_headers.

SEE ALSO

Mail::Send

AUTHORS

Tim Bunce <Tim.Bunce@ig.co.uk>, with a kick start from Graham Barr <bodg@tiuk.ti.com>. For support please contact comp.lang.perl.misc.