[Esa-l] Re: Fwd: CERT Advisory CA-2000-16

John D. Hardin jhardin at wolfenet.com
Thu Aug 17 06:57:02 PDT 2000


On Mon, 14 Aug 2000, Brett Glass wrote:

> Note that the extensions .mda and .mdw are not on the current
> default MANGLE_EXTENSIONS list. After reading the attached
> advisory, I've added them to mine.... I think you'll agree that
> they should be on the default list.
>
> >Appendix A. Vendor Information
> >
> >Microsoft Corporation
> >
> >   Microsoft has published the following documents regarding this issue:
> >
> >        http://www.microsoft.com/technet/security/bulletin/ms00-049.asp
> >        http://www.microsoft.com/technet/security/bulletin/fq00-049.asp
> >        http://www.microsoft.com/technet/support/kb.asp?ID=269368
> >
> >Appendix B. Additional Information
> >
> >   The full list of OBJECT tag extensions which may be used to exploit
> >   this vulnerability is listed below:
> >
> >     * .adp - Microsoft Access project file
> >     * .ade - ADP file with all modules compiled and all editable source
> >              code removed
> >
> >     * .mdb - Microsoft Access database file
> >     * .mde - MDB file with all modules compiled and all editable source
> >              code removed
> >     * .mda - Microsoft Access VBA add-in
> >
> >     * .mdw - Microsoft Access workgroup information file synonym for
> >              the system database used to store group and user account
> >              names and the passwords used to authenticate users when
> >              they log on to an Access database or MDE file secured
> >              with user-level security

The default MANGLE_EXTENSIONS will include these in the next release.

If you are overriding the default you should alter your customized
MANGLE_EXTENSIONS.

Currently:
  MANGLE_EXTENSIONS='html?|exe|com|cmd|bat|pif|sc[rt]|lnk|do[ct]|xl[swt]|p[po]t|rtf|vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[be]|ms[ip]|reg|asd'

New:
  MANGLE_EXTENSIONS='html?|exe|com|cmd|bat|pif|sc[rt]|lnk|do[ct]|xl[swt]|p[po]t|rtf|vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[abew]|ms[ip]|reg|asd'

The change is small, adding "aw" to the md? regexp.

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
   73 days until Daylight Savings Time ends
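
A quick way to audit a customized MANGLE_EXTENSIONS value against the Appendix B list quoted above (an added example, not part of the original message and not the sanitizer's own code). It assumes the alternation is matched case-insensitively against the whole extension after the last dot; the function names and sample filenames are constructed for illustration.

```python
import re
import sys

# Extensions from Appendix B of the advisory quoted in the message.
ADVISORY_EXTENSIONS = ["adp", "ade", "mdb", "mde", "mda", "mdw"]

# The "Currently" default given in the message.
CURRENT = ("html?|exe|com|cmd|bat|pif|sc[rt]|lnk|do[ct]|xl[swt]|p[po]t|rtf|"
           "vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[be]|"
           "ms[ip]|reg|asd")
# The "New" default differs only in the md? alternative.
NEW = CURRENT.replace("md[be]", "md[abew]")


def is_mangled(mangle_extensions, filename):
    """True if the filename's final extension is matched by the alternation.

    Assumption: the match is case-insensitive and must cover the whole
    extension, so "md[be]" does not match "mdbx".
    """
    _, dot, ext = filename.rpartition(".")
    if not dot:
        return False  # no extension at all
    pattern = "(?:%s)" % mangle_extensions
    return re.fullmatch(pattern, ext, re.IGNORECASE) is not None


def advisory_gaps(mangle_extensions):
    """Return the advisory extensions the alternation fails to cover."""
    gaps = []
    for ext in ADVISORY_EXTENSIONS:
        lower = is_mangled(mangle_extensions, "sample." + ext)
        upper = is_mangled(mangle_extensions, "SAMPLE." + ext.upper())
        if not (lower and upper):
            gaps.append(ext)
    return gaps


if __name__ == "__main__":
    # Pass your own MANGLE_EXTENSIONS value as the first argument,
    # or run with no arguments to check the old default.
    value = sys.argv[1] if len(sys.argv) > 1 else CURRENT
    missing = advisory_gaps(value)
    print("not covered:", ", ".join(missing) if missing else "none")
```
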




