Bugtraq mailing list archives
Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))
From: listsonly () GCNET COM (Chris Owen)
Date: Wed, 29 Jul 1998 13:11:06 -0500
On Wed, 29 Jul 1998, Troy Ablan wrote:
At least some versions of Eudora Light prior to 3.0.5 return a Divide by Zero error and immediately close when trying to pop a message that has a ctime of 0 (Read as Dec 31 1969 19:00 EST (-0500)). This apparently corrupts the .mbx file, and both the message on the pop server and the .mbx file must be manually removed (or hacked) in order to proceed. I can't reproduce this problem with version 3.0.5, and I don't have available an older copy to re-try this. I discovered this anomoly doing ISP tech support for a customer. Can anyone confirm or deny this?
I know that with version up to at least 3.0.3, setting the clock forward 100 years will cause Eudora to cause a segmentation fault when sending mail. Spent hours on this one ;-] Chris
-----Original Message----- From: Brett Glass <brett () LARIAT ORG>InfoWorld, athttp://www.infoworld.com/cgi-bin/displayStory.pl?980728.ehbugs.htm,claims that the MIME filename overflow exploit affects Eudora. Is thiscorrect?This is the first I've heard of that mailer being vulnerable.----------------------------------- Troy Ablan shore.net technical support (781) 593-3110 x136 -----------------------------------
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Chris Owen ~ Lottery: A stupidity tax PO Box 1985 ~ owenc () gcnet com Garden City, KS 67846 ~ http://www.gardencity.net/~owenc/ Voice: (316) 275-1900 ~ ftp://ftp.gardencity.net/pub/owenc/ Fax: (316) 275-0313 ~ 88 FA CF C6 65 23 63 C1 6E 80 AE 0B 51 C0 22 36 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Current thread:
- Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Troy Ablan (Jul 29)
- Eudora exploit confirmed on 3.05 Pro j.baggen () STL-GROUP COM (Jul 29)
- Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Chris Owen (Jul 29)
- Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Alan Thew (Jul 30)
- Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Alan Brown (Jul 30)