Eudora 5.2.1 attachment spoof

• Previous message: Jeff Beckley: "Re: Restricted Zone: the OUTLOOK EXPRESS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Thu, 22 May 2003 14:54:13 +1000
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Qualcomm Eudora 5.2.1 has been released recently. Quoting from
http://www.eudora.com/download/eudora/windows/5.2.1/RelNotes.txt :

> Improved guarding against spoofed Attachment Converted: lines.

Attachments can still be spoofed by including a CR (ctrl-M, x0d, ASCII 13)
character anywhere within the "Attachment Converted:" string [these get
converted internally into a NUL (x00) and ignored], e.g.:

Attachments can still be spoofed by including a CR=x0d character anywhere
within the "Attachment Converted:" string (these get converted internally
into a NUL=x00 and ignored), e.g.:

Attachment<CR> Converted: "c:\winnt\system32\calc.exe" NoAttachIcon
Attachment Converted: "c:\winnt\system32\calc.exe" NoAttachIcon

(First line with four-character <CR> marker for the sake of Eudora users.)

For history, please see also:
  http://www.securityfocus.com/archive/1/299730
  http://www.securityfocus.com/archive/1/286634

Cheers,

Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
EXECUTIVE SEMINAR: "Information Security and the Disappearing Perimeter"

Join Peter S. Tippett, PhD, M.D., the industry's foremost authority on
network security, and TruSecure for a free breakfast seminar on "The Impact
of the Disappearing Perimeter." Learn how you can proactively protect your
organization against today's newest threats, including those from remote
users, business partners and wireless. To register, and to view the full
list of dates and cities, click below or call 1-888-396-8348.

http://www.trusecure.com/offer/s0096/

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

• Previous message: Jeff Beckley: "Re: Restricted Zone: the OUTLOOK EXPRESS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [Full-Disclosure] Eudora 5.2.1 attachment spoof ... Qualcomm Eudora 5.2.1 has been released recently. ... converted internally into a NUL (x00) and ignored], ... Attachments can still be spoofed by including a CR=x0d character anywhere ... within the "Attachment Converted:" string (these get converted internally ... (Full-Disclosure) Eudora 5.2.1 attachment spoof ... Qualcomm Eudora 5.2.1 has been released recently. ... converted internally into a NUL (x00) and ignored], ... Attachments can still be spoofed by including a CR=x0d character anywhere ... within the "Attachment Converted:" string (these get converted internally ... (Bugtraq) RfD: Escaped Strings version 4 ... the S" string can only contain printable characters, ... the S" string cannot contain the '"' character, ... as an escape character for the entry of characters that cannot be ... \b BS (backspace, ASCII 8) ... (comp.lang.forth) RfD: Escaped Strings version 4 ... the S" string can only contain printable characters, ... the S" string cannot contain the '"' character, ... as an escape character for the entry of characters that cannot be ... \b BS (backspace, ASCII 8) ... (comp.lang.forth) Re: RfD: Escaped Strings ... the S" string can only contain printable characters, ... the S" string cannot contain the '"' character, ... \b BS (backspace, ASCII 8) ... \ ** escapes to characters much as C does. ... (comp.lang.forth)