[Esa-l] html-trap.procmail 1.113 a bit too hair triggered...

Matthew Seaman m.seaman at inpharmatica.co.uk
Mon Jul 24 05:46:52 PDT 2000


Got a false positive here on a valid Message-ID.  I guess a few more dots in
the RE at line 146 of html-trap.procmail might be in order?  According to the
exploit script at

http://www.securityfocus.com/data/vulnerabilities/exploits/outoutlook.pl

it takes more than 945 characters to overflow the buffer in Outlook: this
patch allows header lines up to 256 characters after the colon.  As my mailer
would now proceed to wrap those lines at 78 characters, the patch is
uuencoded...

begin 644 html-trap.procmail.diff
M+2TM(&AT;6PM=')A<"YP<F]C;6%I;"YO<FEG"4UO;B!*=6P@,C0@,3,Z,#DZ
M,C$@,C`P,`HK*RL@:'1M;"UT<F%P+G!R;V-M86EL"4UO;B!*=6P@,C0@,3,Z
M,S8Z-#`@,C`P,`I`0"`M,30S+#<@*S$T,RPW($!`"B`C"B`*(#HP"BTJ(%Y<
M+RA$871E?%)E<V5N="U$871E?$UI;64M5F5R<VEO;GQ-97-S86=E+4E$?%)E
M='5R;BU0871H*3H at +BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN
M+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN
M+BXJ"BLJ(%Y<+RA$871E?%)E<V5N="U$871E?$UI;64M5F5R<VEO;GQ-97-S
M86=E+4E$?%)E='5R;BU0871H*3H at +BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN
M+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN
M+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN
M+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN
M+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN
M+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN+BXN
M+BXN+BXN+BH*('L*("`@3$]'/2)4<F%P<&5D(&5X8V5S<VEV96QY(&QO;F<@
M:&5A9&5R<R1354)*(@H@("!35$%455,](E-405154SH at 365S<V%G92!B;W5N
&8V5D+B(*
`
end


Here's the headers from the bounced message:


Procmail Security daemon wrote:
> 
> Trapped excessively long header:
> Message-ID: <Pine.LNX.4.21.0007241214330.21209-100000 at high-st-kensington.inpharmatica.co.uk>
> 
> STATUS: Message quarantined in /dev/null, not delivered to recipient.
> 
> Headers from message:
> 
> > From tim at inpharmatica.co.uk  Mon Jul 24 12:15:12 2000
> > Return-Path: <tim at inpharmatica.co.uk>
> > Received: from high-st-kensington.inpharmatica.co.uk (root at high-st-kensington.inpharmatica.co.uk [192.168.122.116])
> >       by mailhost.inpharmatica.co.uk (8.9.3/8.9.3) with ESMTP id MAA53338
> >       for <karen at inpharmatica.co.uk>; Mon, 24 Jul 2000 12:15:11 +0100 (BST)
> >       (envelope-from tim at inpharmatica.co.uk)
> > Received: from localhost (tim at localhost)
> >       by high-st-kensington.inpharmatica.co.uk (8.9.3/8.9.3) with ESMTP id MAA21214
> >       for <karen at inpharmatica.co.uk>; Mon, 24 Jul 2000 12:15:11 +0100
> > X-Authentication-Warning: high-st-kensington.inpharmatica.co.uk: tim owned process doing -bs
> > Date: Mon, 24 Jul 2000 12:15:11 +0100 (BST)
> > From: Tim Burgis <tim at inpharmatica.co.uk>
> > To: Karen Flanagan <karen at inpharmatica.co.uk>
> > Subject: Re: ?
> > In-Reply-To: <Pine.LNX.4.21.0007241204220.20958-100000 at finchley-rd.inpharmatica.co.uk>
> > Message-ID: <Pine.LNX.4.21.0007241214330.21209-100000 at high-st-kensington.inpharmatica.co.uk>
> > MIME-Version: 1.0
> > Content-Type: TEXT/PLAIN; charset=US-ASCII
> >

	Matthew

-- 
           Certe, Toto, sentio nos in Kansate non iam adesse.

   Dr. Matthew Seaman, Inpharmatica Ltd, 60 Charlotte St, London, W1T 2NU
            Tel: +44 20 7631 4644 x229  Fax: +44 20 7631 4844




More information about the esd-l mailing list