Bugtraq mailing list archives
Re: Eudora executes (Java) URL
From: jhardin () wolfenet com (John D. Hardin)
Date: Sat, 8 Aug 1998 01:35:42 -0700
On Fri, 7 Aug 1998, John D. Hardin wrote:
Actually there were rumbles about this on bugtraq as far back as February. I remember because it prompted me to add active-HTML tag mangling to my procmail filter set. BTW, just in case you haven't heard yet, <PLUG TYPE="shameless"> Drop by http://www.wolfenet.com/~jhardin/procmail-security.html </PLUG> Comments solicited.
In the filter that attempts to sanitize <BODY ONLOAD="exploit"> tags, the following Perl regular expression occurs:

    s/<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD/<BODY $1 DEFANGED-ONLOAD/gi;

Dick St. Peters <stpeters () NetHeaven com> reports that on SunOS 4.1.3 + Perl 5.004 this RE never exits, leading to massive system loads when mail containing HTML is being processed.

I have confirmed it works properly under Linux 2.0.33 + Perl 5.004_01, SunOS 4.1.4 + Perl 5.004_04 and Alpha OSF/1 V3.0 + Perl 5.004_04.

Can anyone confirm these results? I have modified the released kit to use a simpler RE by default and offer this as an alternative after testing.

If anybody else experiences a problem with this RE, either update to the current kit or delete the offending line from the HTML filter perl script.

--
John Hardin KA7OHZ jhardin () wolfenet com
pgpk -a finger://gonzo.wolfenet.com/jhardin
PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
Your mouse has moved. Windows NT must be restarted for the change to take effect. Reboot now? [ OK ]
-----------------------------------------------------------------------
78 days until Daylight Savings Time ends
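An added example, not part of the original message or of the procmail kit: the RE above ported to Python's `re` (also a backtracking engine) and timed on a constructed BODY tag that contains no ONLOAD. Because `[^">]+` sits inside a `*` group, such an engine can split a run of attribute characters in exponentially many ways before giving up. `defang_linear` is a hypothetical rewrite for comparison, not the kit's "simpler RE"; all function names and inputs here are assumptions.

```python
import re
import time

# The RE from the message, ported unchanged to Python's re (a backtracking engine).
ORIGINAL = re.compile(r'<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD', re.I)

# Assumed rewrite (hypothetical, not the kit's own "simpler RE"): walk the
# attributes one token at a time. A token is a single non-quote character or a
# complete quoted string, so the match never has to backtrack.
BODY_ATTRS = re.compile(r'(<BODY\s+)((?:[^">]|"(?:\\.|[^"\\])*")*)', re.I)
QUOTED_OR_ONLOAD = re.compile(r'("(?:\\.|[^"\\])*")|ONLOAD', re.I)


def defang_original(html):
    """Apply the substitution exactly as written in the message."""
    return ORIGINAL.sub(r'<BODY \1 DEFANGED-ONLOAD', html)


def defang_linear(html):
    """Defang every ONLOAD that sits outside a quoted attribute value."""
    def fix_attrs(tag):
        attrs = QUOTED_OR_ONLOAD.sub(
            lambda m: m.group(1) or 'DEFANGED-ONLOAD', tag.group(2))
        return tag.group(1) + attrs
    return BODY_ATTRS.sub(fix_attrs, html)


def plain_tag(n):
    """Constructed input: a BODY tag with n attribute characters and no ONLOAD."""
    return '<BODY ' + 'a' * n + '>'


def seconds(fn, html):
    """Wall-clock time of one filter pass over html."""
    start = time.perf_counter()
    fn(html)
    return time.perf_counter() - start


if __name__ == '__main__':
    sample = '<BODY BGCOLOR="#fff" ONLOAD="x()">'   # constructed sample
    print(defang_original(sample))
    print(defang_linear(sample))
    # Work for the original pattern grows exponentially with n.
    for n in (12, 14, 16, 18, 20):
        print(n, f'{seconds(defang_original, plain_tag(n)):.4f}s original',
              f'{seconds(defang_linear, plain_tag(n)):.6f}s rewrite')
```

The rewrite defangs every ONLOAD outside quoted values, whereas the original substitution rewrites one ONLOAD per BODY tag, so the two outputs can differ on tags that carry more than one handler.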