[Esd-l] Important vulnerability to watch for in e-mail scanners/sanitizers
John D. Hardin
jhardin at impsec.org
Tue Apr 2 19:47:00 PST 2002
On Tue, 2 Apr 2002, Brett Glass wrote:
> >The MS-Windows operating system on the
> >other hand disregards a dot at the end of a file name. When Windows is
> >given a file name ending with a dot, it will automatically remove the
> >dot from the file name extension. When Outlook or Outlook Express
> >receives a file name that ends with a dot, it will present the dot, but
> >will launch the appropriate application when the file is double-clicked,
> >as if the dot does not exist.

Sigh. Why does this not surprise me? I suppose it behaves the same way
with trailing spaces. Anyone care to wager?

I suppose I'll add the option to ignore or strip from filenames ANY
trailing punctuation marks or whitespace. Or rather, default to doing
so and an option to suppress that so that the sanitizer "fails
secure".

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at wolfenet.com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"They [media giants] have no idea how to do business with resourceful
human beings rather than passive vegetables. So they run to [the]
government for protection."
-- Doc Searls on the SSSCA, in Linux Journal
-----------------------------------------------------------------------
945 days until the Presidential Election
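
The check proposed in the message above, as an added example that is not part of the original post and not the sanitizer's own code: trailing punctuation and whitespace are stripped before the extension is compared, on by default, with a flag to suppress it. The blocklist, function names and sample filenames are constructed for illustration, and covering Unicode punctuation and whitespace goes beyond the ASCII cases the thread mentions.

```python
import string
import unicodedata

# Constructed blocklist for this example; a real sanitizer's list is longer.
BLOCKED_EXTENSIONS = {"exe", "vbs", "scr", "pif", "bat"}


def _is_trailing_junk(ch):
    """True for whitespace or punctuation, ASCII or Unicode (assumed scope)."""
    return (ch.isspace() or ch in string.punctuation
            or unicodedata.category(ch).startswith("P"))


def normalized_name(filename):
    """Drop every trailing punctuation/whitespace character."""
    end = len(filename)
    while end > 0 and _is_trailing_junk(filename[end - 1]):
        end -= 1
    return filename[:end]


def extension(filename):
    """Lower-cased text after the last dot, or '' when there is no dot."""
    _, dot, ext = filename.rpartition(".")
    return ext.lower() if dot else ""


def is_blocked(filename, strip_trailing=True):
    """Blocklist check; strip_trailing=False is the suppress option."""
    name = normalized_name(filename) if strip_trailing else filename
    return extension(name) in BLOCKED_EXTENSIONS


if __name__ == "__main__":
    # Constructed attachment names, not taken from real mail.
    samples = ["invoice.exe.", "report.vbs  ", "photo.scr. .",
               "update.pif\u00a0", "notes.txt", "...."]
    for raw in samples:
        print(f"{raw!r:18} raw={is_blocked(raw, False)!s:5} "
              f"stripped={is_blocked(raw)!s:5} -> {normalized_name(raw)!r}")
```

With stripping suppressed, "invoice.exe." yields an empty extension and passes the blocklist, which is the gap the quoted advisory describes.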