On Wed, Feb 13, 2002 at 05:01:22PM -0500, Steve Perrault wrote:
> At my place, I've noticed strange timeouts when there's carriage returns
> jammed in the header. I'll use more to view the file, and it LOOKS fine,
> but when I load it into a text editor, I see entries like
>
> Subject: earn^Mmoney n^Mow , where (^M is <CR>)
>
> When the message is there, OE 5 barfs. When it's removed, life is good.

Funny you mention it, this was just today reported to Bugtraq as an exploitable bug in OE. OE will treat carriage returns in headers as if they were newlines; it's exploitable because it means you can put an entire message including other exploits into something that looks like an ignored mail header to virus scanners and similar content filters.

  -- Clifton

-- 
Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED]
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
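
A defensive check for the condition described in this thread, as an added example that is not part of the original messages: it flags bare carriage returns in a message's header block and compares the strict view a content filter has with the view of a client that treats CR as a newline. The function names and the sample message are constructed for illustration.

```python
import re

BARE_CR = re.compile(rb"\r(?!\n)")        # CR that is not part of a CRLF pair
STRICT_END = re.compile(rb"\r?\n\r?\n")   # blank line as a strict parser sees it

def split_headers(raw: bytes) -> bytes:
    """Return the header block as a strict (CRLF/LF only) parser delimits it."""
    m = STRICT_END.search(raw)
    # Without a blank line the whole message is headers; drop one final newline.
    return raw[:m.start()] if m else re.sub(rb"\r?\n\Z", b"", raw)

def scan_headers(raw: bytes) -> dict:
    """Report bare CRs in the header block and the lenient-client view of it."""
    block = split_headers(raw)
    strict_lines = re.split(rb"\r?\n", block)
    findings = []
    for n, line in enumerate(strict_lines, 1):
        hits = len(BARE_CR.findall(line))
        if hits:
            name = line.split(b":", 1)[0].decode("ascii", "replace")
            findings.append((n, name, hits))
    # A client that treats a bare CR as a newline sees these lines instead.
    lenient_lines = re.split(rb"\r\n|\r|\n", block)
    return {
        "findings": findings,                  # (strict line no, header, CR count)
        "strict_count": len(strict_lines),
        "lenient_count": len(lenient_lines),
        # An empty lenient line inside the strict header block means such a
        # client ends the headers early and shows the rest as message body.
        "hidden_body": b"" in lenient_lines,
    }

# Constructed sample: the Subject line quoted in the thread, plus a header
# containing CR CR, which a lenient client reads as the end of the headers.
SAMPLE = (b"From: a@example.test\r\n"
          b"Subject: earn\rmoney n\row\r\n"
          b"X-Note: ignored\r\rthis text would display as body\r\n"
          b"\r\n"
          b"real body\r\n")

if __name__ == "__main__":
    report = scan_headers(SAMPLE)
    for line_no, header, count in report["findings"]:
        print(f"line {line_no}: {count} bare CR(s) in header {header!r}")
    print("strict lines:", report["strict_count"],
          "lenient lines:", report["lenient_count"],
          "hidden body:", report["hidden_body"])
```

A gateway can use the findings to reject or quarantine the message, or rewrite each bare CR before the message reaches the filter, so that filter and client parse the same header lines.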