[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-developers] possible vuln in email regex, advise fix
From: |
Chris Weiss |
Subject: |
[Phpgroupware-developers] possible vuln in email regex, advise fix |
Date: |
Thu, 15 Dec 2005 13:25:07 -0600 |
https://savannah.gnu.org/bugs/index.php?func=detailitem&item_id=15225
the short of it:
- email app uses "/" as the regex delimiter in the email attachemtn forwarding
- "/" is valid in a mime "boundary"
- a boundary with a / in it causes preg to think the regex is over
I don't know regex well enough to know how this could be exploited,
but it certainly prevents emails from being forwarded. We could
change the delimiter to something not valid per the RFC, but then a
specialy crafted boundary could still cause phpgw problems.
what do you think?
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-developers] possible vuln in email regex, advise fix,
Chris Weiss <=