Bugtraq mailing list archives
procmail workaround for MIME filename overflow exploit
From: brett () LARIAT ORG (Brett Glass)
Date: Wed, 29 Jul 1998 13:47:11 -0600
John Hardin has just updated his procmail "kit" to shorten long file names on MIME attachments. This should prevent potential exploits in mail clients such as Outlook, Outlook Express, Netscape Mail, and possibly Eudora (there's still some debate about whether Eudora is susceptible). John's procmail filter kit can be found at http://www.wolfenet.com/~jhardin/procmail-kit.html You can view his "recipe" for solving the problem at the end of the file http://www.wolfenet.com/~jhardin/html-trap.procmail I have no idea whether his solution is bulletproof (we should all probably review it to be sure!), but it certainly looks good. Admins: it'd be a fantastic idea to install this NOW to protect users, unless anyone knows of security holes in procmail. --Brett Glass
Current thread:
- procmail workaround for MIME filename overflow exploit Brett Glass (Jul 29)