Bugtraq mailing list archives

Re: Microsoft Security Bulletin (MS98-008)

From: brett () LARIAT ORG (Brett Glass)
Date: Tue, 28 Jul 1998 18:38:01 -0600


InfoWorld, at http://www.infoworld.com/cgi-bin/displayStory.pl?980728.ehbugs.htm,
claims that the MIME filename overflow exploit affects Eudora. Is this correct?
This is the first I've heard of that mailer being vulnerable.

After seeing the QPopper holes and at least two bugs in Eudora that appear to be due to
buffer overruns, I'm willing to believe that Qualcomm has a general problem with
code quality, especially vis-a-vis safe string coding. But has Qualcomm stated
"yea" or "nay" on this? Or has anyone actually crashed Eudora via this bug?

--Brett

Current thread:

Re: Microsoft Security Bulletin (MS98-008) Eric Hunter (Jul 27)
- <Possible follow-ups>
- Re: Microsoft Security Bulletin (MS98-008) Aleph One (Jul 28)
- Re: Microsoft Security Bulletin (MS98-008) Brett Glass (Jul 28)
- Re: Microsoft Security Bulletin (MS98-008) Brett Glass (Jul 28)
  - Re: Microsoft Security Bulletin (MS98-008) John Ladwig (Jul 29)
  - Re: Microsoft Security Bulletin (MS98-008) David Kozinn (Jul 29)
    - Re: Microsoft Security Bulletin (MS98-008) Brett Glass (Jul 29)