Bugtraq mailing list archives

Eudora exploit (was Microsoft Security Bulletin (MS98-008))

From: chaser () SHORE NET (Troy Ablan)
Date: Wed, 29 Jul 1998 07:46:50 -0400


At least some versions of Eudora Light prior to 3.0.5 return a Divide by
Zero error and immediately close when trying to pop a message that has a
ctime of 0 (Read as Dec 31 1969 19:00 EST (-0500)).  This apparently
corrupts the .mbx file, and both the message on the pop server and the .mbx
file must be manually removed (or hacked) in order to proceed.  I can't
reproduce this problem with version 3.0.5, and I don't have available an
older copy to re-try this.

I discovered this anomoly doing ISP tech support for a customer.

Can anyone confirm or deny this?


-----Original Message-----
From: Brett Glass <brett () LARIAT ORG>

InfoWorld, at

http://www.infoworld.com/cgi-bin/displayStory.pl?980728.ehbugs.htm,

claims that the MIME filename overflow exploit affects Eudora. Is this

correct?

This is the first I've heard of that mailer being vulnerable.



-----------------------------------
Troy Ablan
shore.net technical support
(781) 593-3110 x136
-----------------------------------

Current thread:

Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Troy Ablan (Jul 29)
- Eudora exploit confirmed on 3.05 Pro j.baggen () STL-GROUP COM (Jul 29)
- Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Chris Owen (Jul 29)
  - Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Alan Thew (Jul 30)
  - Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Alan Brown (Jul 30)