[Esd-l] Palyh worm

John D. Hardin jhardin at impsec.org
Tue May 20 14:39:34 PDT 2003

On Tue, 20 May 2003, Kenneth Porter wrote:

> But .pi still looks like it might be an issue.

According to McAfee's writeup, the .pif -> .pi occurs at the client
due to a missing close quote. The sanitizer cleans up the closing
quote as part of header sanitizing, so this shouldn't be an issue.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
   532 days until the Presidential Election

More information about the esd-l mailing list