Subject: Re: Mitigators for possible exploit of Eudora via Guninski #21,2000
From: pchelp (pchelp PC-HELP.ORG)
Date: Thu Sep 21 2000 - 17:59:58 CDT
- Next message: Frank Heyne: "Re: Unknown Account on windows NT files and directories"
- Previous message: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server"
- In reply to: Russ: "Mitigators for possible exploit of Eudora via Guninski #21,2000"
- Next in thread: Jeff Beckley: "Re: Mitigators for possible exploit of Eudora via Guninski #21,2000"
- Reply: pchelp: "Re: Mitigators for possible exploit of Eudora via Guninski #21,2000"
At 03:12 PM 9/21/00 -0400, Russ wrote:
>Folks,
>Further discussions of Guninski Security Advisory #21,2000 on Bugtraq has
>brought to light at least one way the automatic launching of .dlls by Office
>documents can cause a remote security exploit.
>Eudora, all versions (I believe), stores attachments automatically into a
>directory specified by the user (either at installation time or from command
>line execution). Whenever a Eudora user POP's an email message from their
>mail server, any attachments accompanying the message are automatically
>stored on the user's hard disk without prompting.

In Eudora Pro, the default attachments directory is
C:\Program Files\Eudora\Attach. Because of this and other vulnerabilities,
it is always advisable to set this to a non-default directory.

...
>In an attempt to be pro-active, the following suggestions are offered for
>your consideration;
...
>4. The Eudora.ini file contains;
>
>AutoReceiveAttachmentsDirectory=
>
>which can be configured to point to a more secured location (where execute
>can be denied). Might also be able to point it to a non-existent directory
>to avoid attachments altogether (but this would likely cause numerous error
>messages).

In Win9x systems, and I suspect NT as well, I believe it can be set to a
NUL path, such as c:\nul or c:\progra~1\nul. That should send the data to
oblivion without any error messages.

pchelp
--
http://www.pc-help.org
http://www.nwi.net/~pchelp/
Trace that spam with the Network Tracer! http://pc-help.org/trace.htm
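An added example (not part of the original messages, and not Eudora's own code): a small Python audit that reads the text of a Eudora.ini and reports whether AutoReceiveAttachmentsDirectory is still at the default named above, points at a NUL-style device path, or has been moved elsewhere. Treating a missing or empty key as "default" is an assumption, and the sample INI contents are constructed.

```python
import ntpath  # Windows path rules, usable on any OS

# Default attachment directory named in the thread for Eudora Pro.
DEFAULT_ATTACH_DIR = r"C:\Program Files\Eudora\Attach"
KEY = "autoreceiveattachmentsdirectory"
# Reserved DOS device names: a path ending in one of these is a device.
DOS_DEVICES = {"nul", "con", "prn", "aux"} | {
    f"{p}{n}" for p in ("com", "lpt") for n in range(1, 10)}

# Constructed sample Eudora.ini contents (not taken from a real install).
SAMPLES = {
    "untouched": "[Settings]\nAutoReceiveAttachmentsDirectory=\n",
    "explicit default": "[Settings]\nautoreceiveattachmentsdirectory=c:\\program files\\eudora\\attach\\\n",
    "nul path": "[Settings]\nAutoReceiveAttachmentsDirectory=c:\\progra~1\\nul\n",
    "moved": "[Settings]\nAutoReceiveAttachmentsDirectory=D:\\mail\\quarantine\n",
}


def attachment_dir(ini_text):
    """Return the configured directory, or None if the key is absent or empty."""
    value = None
    for line in ini_text.splitlines():
        name, sep, rest = line.partition("=")
        if sep and name.strip().lower() == KEY:
            value = rest.strip() or None  # last occurrence wins
    return value


def classify(ini_text):
    """Return 'default', 'null-device' or 'custom' for one Eudora.ini text."""
    value = attachment_dir(ini_text)
    if value is None:  # assumption: Eudora falls back to its default
        return "default"
    norm = ntpath.normcase(ntpath.normpath(value))
    if norm == ntpath.normcase(DEFAULT_ATTACH_DIR):
        return "default"
    # "nul" and "nul.txt" both name the device, so ignore any extension.
    if ntpath.basename(norm).split(".")[0] in DOS_DEVICES:
        return "null-device"
    return "custom"


if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label:17} {attachment_dir(text)!r:40} -> {classify(text)}")
```

A short-name (8.3) alias of the default directory is reported as "custom", since resolving it needs the live filesystem.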