mhonarc-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bug #1468] XSS vulnerability in message header conversion

2002-10-21 09:52:50
from [nobody] [Permanent Link] 

=================== BUG #1468: LATEST MODIFICATIONS ==================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=1468&group_id=1968

Changes by: Earl Hood <earl(_at_)earlhood(_dot_)com>
Date: 2002-Oct-21 11:52 (US/Central)

            What     | Removed                   | Added
---------------------------------------------------------------------------
          Resolution | None                      | Fixed
              Status | Open                      | Closed
       Fixed Release |                           | 2.5.13


------------------ Additional Follow-up Comments ----------------------------
Escaping of the field labels added to htmlize_header()
function in mhutil.pl.  This should close the vulnerability.
Fixed will be included in 2.5.13 release.



=================== BUG #1468: FULL BUG SNAPSHOT ===================


Submitted by: ehood                     Project: MHonArc                        
Submitted on: 2002-Oct-21 11:51
Category:  Mail Parsing                 Severity:  9 - Critical                 
Bug Group:  Security                    Resolution:  Fixed                      
Assigned to:  ehood                     Status:  Closed                         
Platform Version:  All                  Perl Version:  all                      
Component Version:  <=2.5.12            Fixed Release:  2.5.13                  

Summary:  XSS vulnerability in message header conversion

Original Submission:  (Orginally submitted by Steven M. Christey via private 
mail)
1) Cross-site scripting (XSS) possibilities

   - XSS can be inserted into the message MIME header names, e.g.:

      To: <someone(_at_)example(_dot_)com>
      From: <hacker(_at_)example(_dot_)com>
      Header<SCRIPT>hello</SCRIPT>def: whatever

   Fix: apply the "HTML quoting" capability to all header names and
   values.

   User workaround: remove the "-extra-" option from the "FieldOrder"
   resource, which says which headers should be archived.

Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Oct-21 11:52             By: ehood
Escaping of the field labels added to htmlize_header()
function in mhutil.pl.  This should close the vulnerability.
Fixed will be included in 2.5.13 release.


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=1468&group_id=1968

---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Bug #1468] XSS vulnerability in message header conversion, nobody
Next by Date:  MHonArc Release: 2.5.13, Earl Hood
Previous by Thread:  [Bug #1468] XSS vulnerability in message header conversion, nobody
Next by Thread:  MHonArc Release: 2.5.13, Earl Hood
Indexes:  [Date] [Thread] [Top] [All Lists]