Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Long attachment filename exploits: a procmail filter

Re: Long attachment filename exploits: a procmail filter

John D. Hardin (jhardinWOLFENET.COM)
Wed, 29 Jul 1998 20:42:46 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Thew: "Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))"
Previous message: John D. Hardin: "Re: Long attachment filename exploits: a procmail filter"
In reply to: Brett Glass: "Re: Long attachment filename exploits: a procmail filter"

On Wed, 29 Jul 1998, Brett Glass wrote:

> Finally, there are other possible exploits, like a very long content
> type, that might also lead to buffer oveflows in mail clients. These
> should be checked too.

Okay, very long Content-Type headers are now sanitized as well.

Grab the latest from http://www.wolfenet.com/~jhardin/html-trap.procmail
and take a look.

--
 John Hardin KA7OHZ                               jhardinwolfenet.com
 pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
  Your mouse has moved. Windows NT must be restarted for the change
  to take effect. Reboot now?  [ OK ]
-----------------------------------------------------------------------
   88 days until Daylight Savings Time ends

Next message: Alan Thew: "Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))"
Previous message: John D. Hardin: "Re: Long attachment filename exploits: a procmail filter"
In reply to: Brett Glass: "Re: Long attachment filename exploits: a procmail filter"