[esd-l] ANN: Javascript Obfuscation patch for 1.151 and earlier
John D. Hardin
jhardin at impsec.org
Mon Feb 13 09:11:27 PST 2006
All:
I've seen an email with a javascript obfuscation technique that the
sanitizer didn't detect. I've produced a quick patch to cover it. This
patch works with 1.151 and should work with earlier releases as well.
The patch is available at:
http://www.impsec.org/email-tools/obfuscated_javascript.patch
And applying it is simple. To apply the patch, save the patch to the
directory where your sanitizer is saved (typically /etc/procmail) and
run the following command:
patch --backup <obfuscated_javascript.patch
Applying this patch is recommended, as the obfuscation technique was
seen in a message in-the-wild, and may be part of a currently active
attack vector.
This patch or an improved version will be in the next stable release.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The first time I saw a bagpipe, I thought the player was torturing
an octopus. I was amazed they could scream so loudly.
-- cat_herder_5263 on Y! SCOX
-----------------------------------------------------------------------
9 days until George Washington's 274th Birthday
More information about the esd-l
mailing list