[TYPO3-dev] TYPO3 Security Bulletin 20070221-1: Email header injection
Peter Russ
peter.russ at 4many.net
Thu Feb 22 12:02:41 CET 2007
Olivier Dobberkau schrieb:
> in Beitrag mailman.1.1172092028.24995.typo3-dev at lists.netfielders.de schrieb
> Tom Walter unter t3 at wnets.de am 21.02.2007 22:07 Uhr:
>
>> Could you explain the risk a bit more specific?
>> What consequences could a attack have when you rate it with severity low ?
>
> Hi Tom,
>
> People could tamper with the inputsfields to send spammail thru your server.
>
> Have a look at this:
>
> http://typo3.svn.sourceforge.net/viewvc/typo3/TYPO3core/tags/TYPO3_4-0-5/t3l
> ib/class.t3lib_formmail.php?r1=1646&r2=2144
>
> I am not sure if there is going to be a patch for older versions.
>
> Any takers for a backport?
>
> Olivier
>
We have diffs for 3.6.2/3.7.1/3.8.1 available. Where to publish as I
couldn't find any in bugs.typo3.org?
Regs. Peter.
--
Fiat lux!
Docendo discimus.
_____________________________
4Many® Services
openBC: http://www.openbc.com/go/invuid/Peter_Russ
More information about the TYPO3-dev
mailing list