[Mimedefang] [esd-l] NOTICE: ZIP archived filename length checks in Sanitizer (fwd)

Sun, 10 Sep 2006 23:09:05 -0700

I believe the patch described here is trapping archives containing files with names more than 250 characters long. 

------------ Forwarded Message ------------
Date: Saturday, September 09, 2006 9:19 PM -0700
From: "John D. Hardin" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: Procmail Users List <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: [esd-l] NOTICE: ZIP archived filename length checks in Sanitizer

All:

A BO vulnerability has been announced in the DUNZIP32.dll zipfile
library used by many commercial programs, including Lotus Notes and
Real Audio player.

In an attempt to mitigate this vulnerability, archived filename length
checks have been added to the development version of the Procmail
Email Sanitizer, and a patch to add these checks to recent stable
releases is also available.

The patch is available at:

http://www.impsec.org/email-tools/sanitizer_zip_filename_length.patch

The development version of the sanitizer is available at:

http://www.impsec.org/email-tools/development/

The sanitizer home page is:

http://www.impsec.org/email-tools/procmail-security.html

--
John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 It is not the business of government to make men virtuous or
 religious, or to preserve the fool from the consequences of his own
 folly.                                              -- Henry George
-----------------------------------------------------------------------
8 days until The 219th anniversary of the signing of the U.S. Constitution

_______________________________________________
esd-l mailing list
[EMAIL PROTECTED]
http://www.impsec.org/mailman/listinfo/esd-l

---------- End Forwarded Message ----------




_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Reply via email to