Bugtraq mailing list archives
Eudora exploit (was Microsoft Security Bulletin (MS98-008))
From: chaser () SHORE NET (Troy Ablan)
Date: Wed, 29 Jul 1998 07:46:50 -0400
At least some versions of Eudora Light prior to 3.0.5 return a Divide by Zero error and immediately close when trying to pop a message that has a ctime of 0 (Read as Dec 31 1969 19:00 EST (-0500)). This apparently corrupts the .mbx file, and both the message on the pop server and the .mbx file must be manually removed (or hacked) in order to proceed. I can't reproduce this problem with version 3.0.5, and I don't have available an older copy to re-try this. I discovered this anomoly doing ISP tech support for a customer. Can anyone confirm or deny this? -----Original Message----- From: Brett Glass <brett () LARIAT ORG>
InfoWorld, at
http://www.infoworld.com/cgi-bin/displayStory.pl?980728.ehbugs.htm,
claims that the MIME filename overflow exploit affects Eudora. Is this
correct?
This is the first I've heard of that mailer being vulnerable.
----------------------------------- Troy Ablan shore.net technical support (781) 593-3110 x136 -----------------------------------
Current thread:
- Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Troy Ablan (Jul 29)
- Eudora exploit confirmed on 3.05 Pro j.baggen () STL-GROUP COM (Jul 29)
- Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Chris Owen (Jul 29)
- Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Alan Thew (Jul 30)
- Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Alan Brown (Jul 30)