Educause Security Discussion mailing list archives

Re: Upgrading Eudora clients due to recent vulnerability


From: "H. Morrow Long" <morrow.long () YALE EDU>
Date: Wed, 23 Feb 2005 07:44:54 -0500

On Feb 14, 2005, at 10:17 AM, Robert Berlinger wrote:
> On the vulnerability, see
> http://www.ngssoftware.com/advisories/eudora-01.txt

Robert -- Thanks for the link to the NGSSoftware advisory.

Reading it, I see that they unequivocally state that the vulnerability
allows the execution of arbitrary code.

The only note I found on www.eudora.com from Qualcomm/Eudora
about a buffer overflow is:

       http://www.eudora.com/techsupport/kb/2485hq.html

Is this about the NGSSoftware advisory or an earlier problem?
It is talking about a problem in 6.0.* and earlier (rather than 6.2 and
earlier).

It says the possibility of the exploit exec'ing arbitrary code is just
'speculation' at this point, e.g. the bug is just known as a buffer
overflow which crashes Eudora.

Or has Qualcomm/Eudora not posted a notice on this current problem on
their website nor responded publicly to it?

Is anyone else making plans to push upgrades or migrations of masses of
Eudora users to 6.2.1 or anything else?

- H. Morrow Long, CISSP, CISM, CEH
  University Information Security Officer
  Director -- Information Security Office
  Yale University, ITS



