[Full-Disclosure] Eudora 5.2.1 buffer overflow DoS

From: Paul Szabo (psz_at_maths.usyd.edu.au)
Date: 05/23/03

  • Next message: Sir Mordred: "[Full-Disclosure] nessus NASL scripting engine security issues"
    To: NTBugtraq@listserv.ntbugtraq.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
    Date: Fri, 23 May 2003 11:56:28 +1000 (EST)
    

    Building on my Eudora attachment spoof

      http://www.securityfocus.com/archive/1/322286

    I notice that sending a filename with many dots crashes Eudora, e.g.

      From: me
      To: you
      
      Attachment Converted<CR>: "\B.A.A.A ... .A.A.A"

    (with 122 repetitions of ".A") make it crash, writing an Exception.log
    file. (Fewer repetitions cause no problem; more cause Eudora to crash,
    without even an Exception.log.)

    Eudora is then unable to start, until the offending message is removed from
    In.mbx (using some utility other than Eudora itself).

    I do not know if this buffer overflow is exploitable: Exception.log says

    Exception code: c0000005 ACCESS_VIOLATION
    Fault address: 77e873bc 01:000063bc C:\WINNT\system32\KERNEL32.DLL
    Registers:
    EAX:ffffffff
    EBX:00000000
    ECX:00412e35
    ...

    (only ECX seems controllable).

    (Tested with Eudora 5.2.1 on Windows 2000.)

    Cheers,

    Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
    School of Mathematics and Statistics University of Sydney 2006 Australia
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Sir Mordred: "[Full-Disclosure] nessus NASL scripting engine security issues"

    Relevant Pages

    • Eudora 5.2.1 buffer overflow DoS
      ... I notice that sending a filename with many dots crashes Eudora, ... (Fewer repetitions cause no problem; more cause Eudora to crash, ...
      (Bugtraq)
    • Eudora 5.2.1 buffer overflow DoS
      ... I notice that sending a filename with many dots crashes Eudora, ... (Fewer repetitions cause no problem; more cause Eudora to crash, ...
      (Full-Disclosure)
    • [Full-Disclosure] Eudora 5.2.1 buffer overflow DoS
      ... I notice that sending a filename with many dots crashes Eudora, ... (Fewer repetitions cause no problem; more cause Eudora to crash, ...
      (Full-Disclosure)
    • [Full-Disclosure] Eudora 5.2.1 buffer overflow DoS
      ... I notice that sending a filename with many dots crashes Eudora, ... (Fewer repetitions cause no problem; more cause Eudora to crash, ...
      (Full-Disclosure)
    • Re: MailForge from scratch
      ... It's very strange -- I really have very few problems with Eudora on Snow ... I trash one by one or few by few, but no crash and no restart needed. ... I boot my mac once evry month... ...
      (comp.mail.eudora.mac)