procmail
[Top] [All Lists]

Re: Help! Need to use procmail to fight dangerous security exploit

1998-07-29 02:26:15
On Tue, Jul 28, 1998 at 11:45:06PM -0700, Gregory Sutter wrote:

CHAR=[-_0-9A-Za-z]

:0
* ^Content-Disposition:[      ]*attachment;[  
]*filename="\/($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)
| formail -I 'Content-Disposition: attachment; filename="$MATCH"'

Stupid me, I forgot my $.  Make that:

CHAR=[-_0-9A-Za-z]

:0
* $ ^Content-Disposition:[      ]*attachment;[  
]*filename="\/($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)($CHAR)
| formail -I 'Content-Disposition: attachment; filename="$MATCH"' -i 
'X-Security-Guard: Truncated attachment filename'

Greg 
-- 
Gregory S. Sutter                 Bureaucrats cut red tape -- lengthwise.
mailto:gsutter(_at_)pobox(_dot_)com
http://www.pobox.com/~gsutter/