[10917] in bugtraq
Re: Outlook denial of service
daemon@ATHENA.MIT.EDU (Nicholas W. Blasgen)
Wed Jun 30 14:05:12 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <005e01bec1b0$8bc4fbe0$0400000a@refract.com>
Date: Mon, 28 Jun 1999 14:52:34 -0700
Reply-To: "Nicholas W. Blasgen" <nblasgen@REFRACT.COM>
From: "Nicholas W. Blasgen" <nblasgen@REFRACT.COM>
X-To: YoDuh <yoduh@GETACLUE.ORG>
To: BUGTRAQ@NETSPACE.ORG

I tested it with Outlook 2000 with Windows 98 and had no problem.
Nicholas Blasgen
Refract Media
"The hard part was figuring out how to destroy the
physical universe. But I think we've solved that."
- Marcus Larry, 1999
> I've found a problem in Qualcomm popper (and presumably others) in that it
> doesn't check for an existing X-UIDL: header, but simply uses it when the
> client sends in a uidl request. This problem can manifest itself as an
> effective denial of service attack against Microsoft Outlook clients
> because Outlook looks for unique uidl's for each message and if there are
> duplicates it will hang prior to downloading any mail. I've put up a small
> web site detailing the problem and some possible workarounds/fixes at
>
> http://getaclue.org/yoduh/outlook.html
>
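
An added example, not part of the original posts and not code from qpopper or Outlook: a check an administrator could run over an mbox spool for the condition the quoted report describes, X-UIDL header values shared by more than one message. The sample spool, addresses, UIDL values and function names are constructed for illustration.

```python
import email
import re
from collections import defaultdict

# Constructed sample spool in mbox format; addresses and UIDL values are made up.
SAMPLE_MBOX = """\
From alice@example.org Mon Jun 28 10:00:00 1999
From: alice@example.org
Subject: first
X-UIDL: aaaa1111

body one

From mallory@example.net Mon Jun 28 10:05:00 1999
From: mallory@example.net
Subject: second
X-UIDL: aaaa1111

body two

From bob@example.org Mon Jun 28 10:09:00 1999
From: bob@example.org
Subject: third

X-UIDL: in-the-body-not-a-header
"""

def split_mbox(text):
    """Split mbox text on its 'From ' separator lines into raw messages."""
    parts = re.split(r"(?m)^From .*\n", text)
    return [p for p in parts if p.strip()]

def uidl_report(text):
    """Return (duplicates, missing): UIDL -> message numbers, and messages lacking one."""
    seen = defaultdict(list)
    missing = []
    for number, raw in enumerate(split_mbox(text), start=1):
        msg = email.message_from_string(raw)
        # Only real headers count; an X-UIDL line in the body is ignored.
        values = msg.get_all("X-UIDL") or []
        if not values:
            missing.append(number)
        for value in values:
            seen[value.strip()].append(number)
    duplicates = {u: nums for u, nums in seen.items() if len(nums) > 1}
    return duplicates, missing
```

A non-empty duplicates result identifies the messages whose X-UIDL values collide and would need a fresh identifier before a client polls the mailbox.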