Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))

Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))

Alan Thew (Alan.ThewLIVERPOOL.AC.UK)
Thu, 30 Jul 1998 11:48:43 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Vadim Fedukovich: "Re: [ NT SECURITY ALERT ] New Local GetAdmin Exploit"
Previous message: John D. Hardin: "Re: Long attachment filename exploits: a procmail filter"
In reply to: Chris Owen: "Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))"
Next in thread: Alan Brown: "Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))"

Certainly Eudora 1.5.4 generates divide by zero problems with bad dates,
these can all be fixed by deleting the *.toc files and manually editing
the mbx/spool files (no corruption seen here) and generating correct
date fields.

--
Alan Thew                                       alan.thewliverpool.ac.uk
Computing Services,University of Liverpool      Fax: +44 151 794-4442

On Wed, 29 Jul 1998, Chris Owen wrote:

>On Wed, 29 Jul 1998, Troy Ablan wrote:
>
>> At least some versions of Eudora Light prior to 3.0.5 return a Divide by
>> Zero error and immediately close when trying to pop a message that has a
>> ctime of 0 (Read as Dec 31 1969 19:00 EST (-0500)).  This apparently
>> corrupts the .mbx file, and both the message on the pop server and the
>> .mbx file must be manually removed (or hacked) in order to proceed.  I
>> can't reproduce this problem with version 3.0.5, and I don't have
>> available an older copy to re-try this.
>>
>> I discovered this anomoly doing ISP tech support for a customer.
>>
>> Can anyone confirm or deny this?
>
>I know that with version up to at least 3.0.3, setting the clock forward
>100 years will cause Eudora to cause a segmentation fault when sending
>mail.  Spent hours on this one ;-]
>
>Chris
>
>> -----Original Message-----
>> From: Brett Glass <brettLARIAT.ORG>
>>
>>
>> >InfoWorld, at
>> http://www.infoworld.com/cgi-bin/displayStory.pl?980728.ehbugs.htm,
>> >claims that the MIME filename overflow exploit affects Eudora. Is this
>> correct?
>> >This is the first I've heard of that mailer being vulnerable.
>>
>>
>> -----------------------------------
>> Troy Ablan
>> shore.net technical support
>> (781) 593-3110 x136
>> -----------------------------------
>>
>
>--
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Chris Owen             ~  Lottery: A stupidity tax
>PO Box 1985            ~  owencgcnet.com
>Garden City, KS 67846  ~  http://www.gardencity.net/~owenc/
>Voice: (316) 275-1900  ~  ftp://ftp.gardencity.net/pub/owenc/
>Fax:   (316) 275-0313  ~  88 FA CF C6 65 23 63 C1  6E 80 AE 0B 51 C0 22 36
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>

Next message: Vadim Fedukovich: "Re: [ NT SECURITY ALERT ] New Local GetAdmin Exploit"
Previous message: John D. Hardin: "Re: Long attachment filename exploits: a procmail filter"
In reply to: Chris Owen: "Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))"
Next in thread: Alan Brown: "Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))"