5 July 2006, 17:10

Drupal module open to spammers

An update for the optional Form_Mail module in the Drupal CMS is intended to prevent attackers from using the system as a platform for spam. According to the developers, the module does not filter out line feeds and carriage returns from email headers, so that it may even be possible to manipulate the headers of outgoing emails. The flaw has been remedied in version 4.6.0. According to the security announcement, the problem does not affect Drupal core. In earlier versions, however, the email header could also be manipulated by means of holes in the core.

Also on The H:

Drupal completes community election of board members
Emails from Facebook contained IP addresses
WhiteHouse.gov open sources custom Drupal code
Drupal CMS closes security holes
Symantec fixes bug in Mail Security for SMTP
Tumbleweed's email firewall powerless against smuggled code

Share this article

Drupal module open to spammers

Also on The H:

Microsoft's struggle against bugs

CSI:Internet - Open heart surgery

CSI:Internet - A trip into RAM

The H Update Check

Internet Toolkit

Monopoly madness

What's new in Linux 3.4

A Practical Internet of Things

Booting up: Tools and tips for systemd

Kernel Log: Coming in 3.4 (Part 3) - Graphics drivers

Control Centre: The systemd Linux init system

Kernel Log: Coming in 3.4 (Part 2) - Filesystems, storage and drivers

Kernel Log: Coming in 3.4 (Part 1) - Infrastructure

What's new in Linux 3.3

Building a GSM network with open source

CSI:Internet - Controlled from the beyond

Price Insight Top 10 powered by Skinflint

The H

The H open source

The H Security

The H Internet Toolkit