Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Eudora executes (Java) URL

From: jhardin () wolfenet com (John D. Hardin)
Date: Sat, 8 Aug 1998 01:35:42 -0700

On Fri, 7 Aug 1998, John D. Hardin wrote:


Actually there were rumbles about this on bugtraq as far back as February.
I remember because it prompted me to add active-HTML tag mangling to my
procmail filter set.

BTW, just in case you haven't heard yet,

<PLUG TYPE="shameless">
Drop by http://www.wolfenet.com/~jhardin/procmail-security.html
</PLUG>

Comments solicited.


In the filter that attempts to sanitize <BODY ONLOAD="exploit"> tags, the
following Perl regular expression occurs:

 s/<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD/<BODY $1 DEFANGED-ONLOAD/gi;

Dick St. Peters <stpeters () NetHeaven com> reports that on SunOS 4.1.3 +
Perl 5.004 this RE never exits, leading to massive system loads when mail
containing HTML is being processed.

I have confirmed it works properly under Linux 2.0.33 + Perl 5.004_01,
SunOS 4.1.4 + Perl 5.004_04 and Alpha OSF/1 V3.0 + Perl 5.004_04.

Can anyone confirm these results?

I have modified the released kit to use a simpler RE by default and offer
this as an alternative after testing.

If anybody else experiences a problem with this RE, either update to the
current kit or delete the offending line from the HTML filter perl script.

--
 John Hardin KA7OHZ                               jhardin () wolfenet com
 pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
  Your mouse has moved. Windows NT must be restarted for the change
  to take effect. Reboot now?  [ OK ]
-----------------------------------------------------------------------
   78 days until Daylight Savings Time ends
Previous By Date Next
Previous By Thread Next

Current thread: