On Fri, 7 Aug 1998, John D. Hardin wrote: > Actually there were rumbles about this on bugtraq as far back as February. > I remember because it prompted me to add active-HTML tag mangling to my > procmail filter set. > > BTW, just in case you haven't heard yet, > > <PLUG TYPE="shameless"> > Drop by http://www.wolfenet.com/~jhardin/procmail-security.html > </PLUG> > > Comments solicited. In the filter that attempts to sanitize <BODY ONLOAD="exploit"> tags, the following Perl regular expression occurs: s/<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD/<BODY $1 DEFANGED-ONLOAD/gi; Dick St. Peters <stpetersat_private> reports that on SunOS 4.1.3 + Perl 5.004 this RE never exits, leading to massive system loads when mail containing HTML is being processed. I have confirmed it works properly under Linux 2.0.33 + Perl 5.004_01, SunOS 4.1.4 + Perl 5.004_04 and Alpha OSF/1 V3.0 + Perl 5.004_04. Can anyone confirm these results? I have modified the released kit to use a simpler RE by default and offer this as an alternative after testing. If anybody else experiences a problem with this RE, either update to the current kit or delete the offending line from the HTML filter perl script. -- John Hardin KA7OHZ jhardinat_private pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76 ----------------------------------------------------------------------- Your mouse has moved. Windows NT must be restarted for the change to take effect. Reboot now? [ OK ] ----------------------------------------------------------------------- 78 days until Daylight Savings Time ends
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:52 PDT