Bugtraq mailing list archives
Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability
From: Hack Hawk <hugh () hackhawk net>
Date: Mon, 05 Aug 2002 18:00:31 -0700
Quick note/warning on testing.As I use Eudora, I'm currently developing a work around to protect myself from this vulnerability. Basically just a filter program on the Linux server.
The magic number is no more than 150 bytes for the boundary. I guess it's time to start pounding the buffer checks for Eudora before I continue using the program.
Warning: Once I caused Eudora to crash, I was unable to get Eudora back up and running until I performed the following steps.
1) Copied In.mbx & In.toc to my Linux server.2) Removed the new records and header data from the bottom of the above files using the vi editor (as it protects the binary format of the files)
3) Copied the above files back to my Windows Eudora folder. 4) Removed the offending data within the spool/name () domainname tld sub-folderI had to answer one question about recreating a new toc file, but things are pretty much back to normal.
- hawk At 11:24 PM 08/04/2002, snsadv () lac co jp wrote:
---------------------------------------------------------------------- SNS Advisory No.55 Eudora 5.x for Windows Buffer Overflow Vulnerability Problem first discovered: 6 Jun 2002 Published: 5 Aug 2002 ---------------------------------------------------------------------- Overview: --------- Eudora 5.x for Windows contains a buffer overflow vulnerability, which could allow a remote attacker to execute arbitrary code. Problem Description: -------------------- Eudora developed and distributed by QUALCOMM Inc. (http://www.qualcomm.com/), is a Mail User Agent running on Windows 95/98/2000/ME/NT 4.0 and MacOS 8.1 or later. The buffer overflow occurs when Eudora receives a message using a long string as a boundary, which is used to divide a multi-part message into separate parts. In our verification environment, we have found that this could allow arbitrary commands to be executed. Tested Version: --------------- Eudora 5.0-J for Windows (Ver.5.0.2-Jr2 trial) [Japanese] Eudora 5.1.1 for Windows (Sponsored Mode) [English] Tested OS: ---------- Microsoft Windows 2000 Professional SP2 [Japanese] Microsoft Windows 98 SE [Japanese] Solution: --------- The problem will be fixed in the next release of Eudora. The vendor has not reported when the next release will be available. Communication background: ------------------------- 6 Jun 2002 : We discovered the vulnerability. 6 Jun 2002 : We reported the findings to Livin' on the EDGE Co., Ltd. (user support of Japanese version) . 14 Jun 2002 : the findings were reported again to Livin' on the EDGE Co., Ltd. . 17 Jun 2002 : We contacted QUALCOMM Inc. . 18 Jun 2002 : QUALCOMM Inc. sent a reply stating that they had started an investigation of the problem. 3 Jul 2002 : We asked QUALCOMM Inc. about the progress of the investigation 19 Jul 2002 : We asked QUALCOMM Inc. again about the progress of the investigation 24 Jul 2002 : We informed QUALCOMM Inc. about the announcement schedule of this advisory 25 Jul 2002 : QUALCOMM Inc. reported that this problem will be fixed in the next release 5 Aug 2002 : We decided to disclose this vulnerability due to concern over the potential consequences this issue may cause. Livin' on the EDGE Co., Ltd. has not provided any comments on this issue as of August 5, 2002. Discovered by: -------------- Nobuo Miwa (LAC / n-miwa () lac co jp) Disclaimer: ----------- All information in these advisories are subject to change without any advanced notices neither mutual consensus, and each of them is released as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences caused by applying those information. ------------------------------------------------------------------ SecureNet Service(SNS) Security Advisory <snsadv () lac co jp> Computer Security Laboratory, LAC http://www.lac.co.jp/security/
Current thread:
- [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability snsadv (Aug 05)
- Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability Hack Hawk (Aug 06)
- Fate Research Labs Advisory: Retrieve SHOUTcast Admin Password Through GET / Loki (Aug 06)
- Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability John D. Hardin (Aug 16)
- Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability Kanatoko (Aug 06)
- Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability Steven Michaud (Aug 10)
- Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability Hack Hawk (Aug 06)