|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Eudora Pro & Outlook Overflow - too long filenames again
From: Henrik .H (badz
CHROOT.NET)Date: Tue May 16 2000 - 13:13:16 CDT
- Next message: Josh Rollyson: "Fwd: [nohack] Yet another way to disguise files."
- Previous message: Microsoft Security Response Center: "Re: Eudora Pro & Outlook Overflow - too long filenames again"
- In reply to: Ultor: "Eudora Pro & Outlook Overflow - too long filenames again"
- Reply: Henrik .H: "Re: Eudora Pro & Outlook Overflow - too long filenames again"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At 14:56 2000-05-15 +0200, Ultor wrote:
>==== APPLICATIONS AFFECTED
>
>Qualcomm Eudora Pro (all versions)
>Outlook Express 4.*
>Microsoft Outlook 98
>
>Eudora Light and Outlook Express 5.0 are NOT affected
Eudora Light (3.0) _is_ affected.
No file extension are needed.
>==== DESCRIPTION
>
>These e-mail/news programs improperly handle filenames of files attached in
>e-mails. Too long filename can result in a buffer overflow condition when
>the program processes the attachment and tries to save the temporary file.
>
>As the reader generally processes the attachments when the user reads the
>message, the buffer overflow condition can be initiated.
>
>In Outlook if filename got graphic file extension then the buffer overflow
>condition can be initiated when trying to view the message (my last post on
>BUGTRAQ) if not then overflow will occur if user will try to save/open
>attached file.
>
>In Eudora Pro e-mail is processed while downloading mail from server so
>buffer overflow occurs when message is processed from spool directory. This
>can even lock e-mail account for the Eudora Pro users. As i know same
>problem is in Microsoft Outlook 98 version.
>
>==== EXAMPLE
>
>Example Outlook e-mails are attached with this message (sorry to all Eudora
>Pro
>users for latest problems).
>
>==== EXPLOITATION
>
>possible ... have fun =)
>
>==== PATCHES
>
>If you use Outlook 98 or 4.* then change it on 5.* version. If you like
>Eudora style then use Eudora Light or wait for Eudora Pro patches.
>
>PS. In my opinion saving temporary files with same filenames as files
>attached in e-mail is very lame. They should use random filenames.
>
>==== CREDITS
>
>Greetz for notice that Eudora Pro is vulnerable for same bug as Outlook to:
>
>Felicia Catherine Kaye <felinefeline.pp.se>
>Michael Smith <mikeicon.co.za>
>
>Greeetz to HERT,Lam3rZ,TESO
>
>----------------------
>Mark Bialoglowy [Ultorhert.org] --- Network Security Consultant
>Age: 19 -- Country: PL -- PGP: http://www.hert.org/pgp/Ultor.asc
>CODE: C / Delphi / w32asm / Linux / SQL / CGI / HTML / VRML / AI
>----------------------
>
>
- Next message: Josh Rollyson: "Fwd: [nohack] Yet another way to disguise files."
- Previous message: Microsoft Security Response Center: "Re: Eudora Pro & Outlook Overflow - too long filenames again"
- In reply to: Ultor: "Eudora Pro & Outlook Overflow - too long filenames again"
- Reply: Henrik .H: "Re: Eudora Pro & Outlook Overflow - too long filenames again"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]