=================== BUG #1468: LATEST MODIFICATIONS ==================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=1468&group_id=1968
Changes by: Earl Hood <earl(_at_)earlhood(_dot_)com>
Date: 2002-Oct-21 11:52 (US/Central)
What          | Removed | Added
--------------|---------|-------
Resolution    | None    | Fixed
Status        | Open    | Closed
Fixed Release |         | 2.5.13
------------------ Additional Follow-up Comments ----------------------------
Escaping of the field labels has been added to the htmlize_header()
function in mhutil.pl. This should close the vulnerability.
The fix will be included in the 2.5.13 release.
=================== BUG #1468: FULL BUG SNAPSHOT ===================
Submitted by: ehood
Project: MHonArc
Submitted on: 2002-Oct-21 11:51
Category: Mail Parsing
Severity: 9 - Critical
Bug Group: Security
Resolution: Fixed
Assigned to: ehood
Status: Closed
Platform Version: All
Perl Version: all
Component Version: <=2.5.12
Fixed Release: 2.5.13
Summary: XSS vulnerability in message header conversion
Original Submission: (Originally submitted by Steven M. Christey via private mail)
1) Cross-site scripting (XSS) possibilities
- XSS can be inserted into the message MIME header names, e.g.:
To: <someone(_at_)example(_dot_)com>
From: <hacker(_at_)example(_dot_)com>
Header<SCRIPT>hello</SCRIPT>def: whatever
Fix: apply the "HTML quoting" capability to all header names and
values.
User workaround: remove the "-extra-" option from the "FieldOrder"
resource, which says which headers should be archived.
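The report above says the escaping was applied to header values but not to header names, so a crafted field label reached the archive page as live markup, and that dropping "-extra-" from FieldOrder works around it by not archiving unlisted headers at all. The following is an added illustration of both points and is not MHonArc's own code: it is written in Python rather than the project's Perl, the function names (parse_headers, select_fields, render_value_only, render_escaped, contains_raw_tag) are assumptions, the "value only" renderer is a hypothetical reconstruction of the pre-fix behaviour described in the report, the FieldOrder model is deliberately simplified, and the sample header block is constructed from the lines quoted in the submission.

```python
import html
import re

# Constructed sample header block, modelled on the report: the third
# field's *name* carries the script tag, its value is harmless.
SAMPLE_HEADERS = (
    "To: <someone@example.com>\n"
    "From: <hacker@example.com>\n"
    "Header<SCRIPT>hello</SCRIPT>def: whatever\n"
    "Subject: folded\n"
    " continuation line\n"
)

# A header field is "name:" followed by optional whitespace and the value.
FIELD_RE = re.compile(r"^([^:\s]+):[ \t]*(.*)$")


def parse_headers(raw):
    """Split a header block into (name, value) pairs, unfolding continuation lines."""
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            # Folded continuation: belongs to the previous field's value.
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
            continue
        m = FIELD_RE.match(line)
        if m:
            fields.append((m.group(1), m.group(2)))
    return fields


def select_fields(fields, field_order=("to", "from", "subject"), extra=True):
    """Simplified (assumed) model of the FieldOrder resource: listed fields come
    first, in order; extra=True stands for the '-extra-' entry and appends every
    remaining field, extra=False drops unlisted fields, attacker-named ones included."""
    by_name = {}
    for name, value in fields:
        by_name.setdefault(name.lower(), []).append((name, value))
    chosen = []
    for key in field_order:
        chosen.extend(by_name.pop(key.lower(), []))
    if extra:
        for rest in by_name.values():
            chosen.extend(rest)
    return chosen


def render_value_only(fields):
    """Hypothetical reconstruction of the pre-fix output: the value is HTML-escaped
    but the field label is echoed verbatim, so a crafted header *name* lands in
    the generated page as live markup."""
    rows = [f"<tr><th>{name}:</th><td>{html.escape(value)}</td></tr>"
            for name, value in fields]
    return "<table>\n" + "\n".join(rows) + "\n</table>"


def render_escaped(fields):
    """Fixed behaviour: both the label and the value pass through the HTML escaper."""
    rows = [f"<tr><th>{html.escape(name)}:</th><td>{html.escape(value)}</td></tr>"
            for name, value in fields]
    return "<table>\n" + "\n".join(rows) + "\n</table>"


def contains_raw_tag(page):
    """Crude regression check for generated pages: is an active element tag
    still present unescaped? Escaped output only contains '&lt;script'."""
    return re.search(r"<(?:script|img|iframe)\b", page, re.IGNORECASE) is not None


if __name__ == "__main__":
    fields = parse_headers(SAMPLE_HEADERS)
    print(render_value_only(select_fields(fields)))          # label injected as markup
    print(render_escaped(select_fields(fields)))             # label neutralised
    print(render_escaped(select_fields(fields, extra=False)))  # workaround: field gone
```

The escaper is applied at the output boundary, on every piece of header-derived text that is interpolated into HTML, rather than on a list of fields believed to be dangerous; that is the property the fix restores, and contains_raw_tag is the kind of check a test suite can run over generated archive pages to catch a regression.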
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=1468&group_id=1968
---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV