[bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting

2010-12-30 Thread Earl Hood

          Summary: CVE-2010-1677: DoS when processing html messages with deep tag nesting
          Project: MHonArc
     Submitted by: ehood
     Submitted on: Thu 30 Dec 2010 02:45:51 PM CST
         Category: MIME Filter
         Severity: 6 - Security
       Item Group: Undesired Behavior
           Status: In Progress
          Privacy: Private
      Assigned to: ehood
      Open/Closed: Open
  Discussion Lock: Any
 Operating System: All
     Perl Version: All
Component Version: 2.6.16
    Fixed Release:

___

Details:

If a malformed HTML message contains something like the following:

  dy>dy>dy>dy>

but to a much larger extent, it will cause mhonarc to consume
a lot of CPU resources to strip out the data.




___

Reply to this item at:

  

___
  Message sent via/by Savannah
  http://savannah.nongnu.org/

-
To sign-off this list, send email to majord...@mhonarc.org with the
message text UNSUBSCRIBE MHONARC-DEV



[bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting

2010-12-30 Thread Earl Hood

Update of bug #32014 (project mhonarc):

  Status: In Progress => Ready For Test

___

Follow-up Comment #1:

mhtxthtml.pl filter modified to reject any message with
nested tags.  This is invalid HTML, so any message
that contains it would likely indicate someone trying
to attack an archive web site.



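The kind of check Follow-up Comment #1 describes, as an added Perl example that is not MHonArc's code and not the change made to mhtxthtml.pl: a single left-to-right scan that reports a tag opened inside a tag that has not yet closed, so a message can be rejected before any stripping is attempted. The function name, the handling of quoted attribute values and comments, and the sample inputs are assumptions made for this example.

```perl
use strict;
use warnings;

# Hypothetical helper: offset of the first '<' seen while an earlier tag is
# still open, or -1 if none. One pass, so cost is linear in the input size.
sub nested_tag_offset {
    my ($html) = @_;
    my $in_tag = 0;     # true between '<' and its closing '>'
    my $quote  = '';    # active attribute quote character, if any
    my ($len, $i) = (length $html, 0);
    while ($i < $len) {
        my $c = substr($html, $i, 1);
        if (!$in_tag) {
            if (substr($html, $i, 4) eq '<!--') {   # markup in comments is not a tag
                my $end = index($html, '-->', $i + 4);
                return -1 if $end < 0;   # unterminated comment: nothing left to scan
                $i = $end + 3;
                next;
            }
            $in_tag = 1 if $c eq '<';
        }
        elsif ($quote ne '') {
            $quote = '' if $c eq $quote;   # closing quote ends the value
        }
        elsif ($c eq '"' || $c eq "'") {
            $quote = $c;                   # '<' inside a quoted value is data
        }
        elsif ($c eq '>') {
            $in_tag = 0;
        }
        elsif ($c eq '<') {
            return $i;                     # tag opened inside an unclosed tag
        }
        $i++;
    }
    return -1;
}

# Constructed sample inputs, not taken from the bug report.
my @samples = (
    [ 'well-formed'      => '<html><body><p class="a<b">hi</p></body></html>' ],
    [ 'comment'          => '<p><!-- <b <i --></p>' ],
    [ 'tag inside a tag' => '<p><di<di<div>v>v>text</p>' ],
);
for my $s (@samples) {
    my $off = nested_tag_offset($s->[1]);
    printf "%-17s %s\n", $s->[0], $off < 0 ? 'accept' : "reject (offset $off)";
}
```

The first two samples are accepted and the third is rejected at offset 6. An unterminated quote inside a tag hides the rest of the input from this scan, so a stricter filter would treat that case as a rejection too.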

[bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting

2011-01-09 Thread Earl Hood

Update of bug #32014 (project mhonarc):

         Status: Ready For Test => Fixed
  Fixed Release: => 2.6.17





[bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting

2011-01-09 Thread Earl Hood

Update of bug #32014 (project mhonarc):

   Item Group: Undesired Behavior => Security
      Privacy: Private => Public
  Open/Closed: Open => Closed

