[Mimedefang] Possible new filename exploit?
David F. Skoll
dfs at roaringpenguin.com
Tue Oct 8 08:08:01 EDT 2002
On Tue, 8 Oct 2002, Steffen Kaiser wrote:
> How about this:
> All _unquoted_ semicolons are replaced by ";\n\t", e.g.
> s/\;\s*(\S)/\;\n\t\1/g;
I'm not 100% certain, but I believe if you call action_rebuild() to force
MIME::Tools to regenerate the message, it will throw away attributes without
an equal sign, and it may add a space after unquoted semicolons. Worth
a test, anyway.
--
David.
More information about the MIMEDefang
mailing list