Re: Eudora executes (Java) URL

1998-08-08 01:56:45
On Fri, 7 Aug 1998, John D. Hardin wrote:

Actually there were rumbles about this on bugtraq as far back as February.
I remember because it prompted me to add active-HTML tag mangling to my
procmail filter set.

BTW, just in case you haven't heard yet,

<PLUG TYPE="shameless">
Drop by http://www.wolfenet.com/~jhardin/procmail-security.html
</PLUG>

Comments solicited.

In the filter that attempts to sanitize <BODY ONLOAD="exploit"> tags, the
following Perl regular expression occurs:

 s/<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD/<BODY $1 DEFANGED-ONLOAD/gi;

Dick St. Peters <stpeters(_at_)NetHeaven(_dot_)com> reports that on
SunOS 4.1.3 + Perl 5.004 this RE never exits, leading to massive system
loads when mail containing HTML is being processed.

I have confirmed it works properly under Linux 2.0.33 + Perl 5.004_01,
SunOS 4.1.4 + Perl 5.004_04 and Alpha OSF/1 V3.0 + Perl 5.004_04. 

Can anyone confirm these results?

I have modified the released kit to use a simpler RE by default and offer
this as an alternative after testing.

If anybody else experiences a problem with this RE, either update to the
current kit or delete the offending line from the HTML filter perl script. 

--
 John Hardin KA7OHZ                       jhardin(_at_)wolfenet(_dot_)com
 pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
-----------------------------------------------------------------------
  Your mouse has moved. Windows NT must be restarted for the change
  to take effect. Reboot now?  [ OK ]
-----------------------------------------------------------------------
   78 days until Daylight Savings Time ends
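
Added example, not part of the original message or of the procmail-security kit: the RE quoted above nests `[^">]+` inside a `(...)*` group, so when no ONLOAD follows, a backtracking engine can split the same run of attribute text in many ways before giving up. One way to do the same defang with atomic groups, so each run is consumed only once; the function names are hypothetical, and it assumes a Perl with `(?>...)`, lookbehind and `qr//` (5.005 or later).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Double-quoted attribute value with backslash escapes, as in the RE above.
# The atomic group (?>...) keeps what it matched: if the closing quote is
# missing, the attempt fails at once instead of retrying shorter splits.
my $QUOTED = qr/"(?>(?:[^"\\]+|\\.)*)"/s;

# Rename each ONLOAD found outside a quoted value. Quoted values are matched
# first and put back unchanged; names already defanged are left alone.
sub defang_attrs {
    my ($attrs) = @_;
    $attrs =~ s{($QUOTED)|(?<!DEFANGED-)ONLOAD}
               { defined $1 ? $1 : 'DEFANGED-ONLOAD' }gei;
    return $attrs;
}

# Isolate the attribute text of each <BODY ...> tag, then defang it.
# Each loop pass takes one whole run of plain text or one whole quoted value.
sub defang_body_onload {
    my ($html) = @_;
    $html =~ s{(<BODY\s)((?:(?>[^">]+)|$QUOTED)*)}
              { my ($open, $attrs) = ($1, $2); $open . defang_attrs($attrs) }gei;
    return $html;
}

# Constructed sample input, not taken from real mail.
my @samples = (
    '<BODY BGCOLOR="#ffffff" ONLOAD="doSomething()">',
    '<body text="say ONLOAD here" onload=run()>',
    '<BODY ' . ('X=1 ' x 2000) . '>',    # long tag with no ONLOAD
);
for my $in (@samples) {
    my $out = defang_body_onload($in);
    my $state = $out eq $in ? 'unchanged' : 'defanged';
    printf "%-9s %s\n", $state, substr($out, 0, 60);
}
```

Unlike the quoted RE, which rewrites one ONLOAD per match, this version renames every unquoted ONLOAD in the tag.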