Jack's formmail.php ar_file Parameter Arbitrary Local File Access

2004-12-31T00:00:00
ID OSVDB:12788
Type osvdb
Reporter Hack Hawk (hh@hackhawk.net)
Modified 2004-12-31T00:00:00

Description

Vulnerability Description

FormMail.php contains a flaw that may allow a malicious user to gain access to remote files. The issue is triggered when a remote attacker specifies a value for the ar_file auto-reply parameter, which causes the target server to send an arbitrary file to the remote user. It is possible that the flaw may allow remote file access, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
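The advisory lists no fix. As an added illustration, not code from dtheatre's formmail.php and not a vendor patch, the following shows the input-validation pattern that closes this class of flaw: a user-supplied auto-reply file name is accepted only if it is a bare file name on an administrator allowlist and resolves to a path inside one fixed template directory. The directory, allowlist entries and function names are assumptions for the example.

```php
<?php
// Added hardening example (not the dtheatre formmail.php source): constrain a
// user-supplied auto-reply template name so that only files inside one fixed
// directory can ever be read and sent back to the requester.

// Hypothetical template directory and allowlist; adjust to the deployment.
const AUTOREPLY_DIR = __DIR__ . '/autoreply';
const AUTOREPLY_ALLOWED = ['thanks.txt', 'support.txt'];

// Unsafe pattern this defends against: reading whatever path the request
// names (e.g. file_get_contents($_POST['ar_file'])), which lets a remote
// user receive any file the web server account can read.

function resolve_autoreply_file(string $requested): ?string
{
    // 1. Only a bare file name is acceptable: no directory separators,
    //    no traversal sequences, no NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.txt\z/', $requested)) {
        return null;
    }
    // 2. The name must be one the administrator explicitly enabled.
    if (!in_array($requested, AUTOREPLY_ALLOWED, true)) {
        return null;
    }
    // 3. Defence in depth: after symlinks and "." / ".." are resolved, the
    //    path must still sit inside the template directory.
    $base = realpath(AUTOREPLY_DIR);
    $path = realpath(AUTOREPLY_DIR . '/' . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function autoreply_body(string $requested): string
{
    $path = resolve_autoreply_file($requested);
    // Do not echo the rejected value back to the client; log it server-side.
    if ($path === null) {
        error_log('formmail: rejected ar_file value');
        return 'Thank you for your message.';
    }
    return (string) file_get_contents($path);
}
```

Rejected ar_file values logged by this check are also a useful detection signal for attempts to read files outside the template directory.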

References:

Vendor URL: http://dtheatre.com/scripts/formmail.php
Security Tracker: 1012747
Secunia Advisory ID: 10815
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0476.html
ISS X-Force ID: 18724
CVE: CVE-2004-1431
Bugtraq ID: 12145