[14918] in bugtraq
Re: Eudora Pro & Outlook Overflow - too long filenames again
daemon@ATHENA.MIT.EDU (Henrik .H)
Tue May 16 16:47:49 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <3.0.5.32.20000516201316.007ab800@chroot.net>
Date: Tue, 16 May 2000 20:13:16 +0200
Reply-To: "Henrik .H" <badz@CHROOT.NET>
From: "Henrik .H" <badz@CHROOT.NET>
X-To: Ultor <Ultor@HERT.ORG>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <002801bfbe6c$eccd5bd0$0100a8c0@ultor>
At 14:56 2000-05-15 +0200, Ultor wrote:
>==== APPLICATIONS AFFECTED
>
>Qualcomm Eudora Pro (all versions)
>Outlook Express 4.*
>Microsoft Outlook 98
>
>Eudora Light and Outlook Express 5.0 are NOT affected
Eudora Light (3.0) _is_ affected.
No file extension are needed.
>==== DESCRIPTION
>
>These e-mail/news programs improperly handle filenames of files attached in
>e-mails. Too long filename can result in a buffer overflow condition when
>the program processes the attachment and tries to save the temporary file.
>
>As the reader generally processes the attachments when the user reads the
>message, the buffer overflow condition can be initiated.
>
>In Outlook if filename got graphic file extension then the buffer overflow
>condition can be initiated when trying to view the message (my last post on
>BUGTRAQ) if not then overflow will occur if user will try to save/open
>attached file.
>
>In Eudora Pro e-mail is processed while downloading mail from server so
>buffer overflow occurs when message is processed from spool directory. This
>can even lock e-mail account for the Eudora Pro users. As i know same
>problem is in Microsoft Outlook 98 version.
>
>==== EXAMPLE
>
>Example Outlook e-mails are attached with this message (sorry to all Eudora
>Pro
>users for latest problems).
>
>==== EXPLOITATION
>
>possible ... have fun =)
>
>==== PATCHES
>
>If you use Outlook 98 or 4.* then change it on 5.* version. If you like
>Eudora style then use Eudora Light or wait for Eudora Pro patches.
>
>PS. In my opinion saving temporary files with same filenames as files
>attached in e-mail is very lame. They should use random filenames.
>
>==== CREDITS
>
>Greetz for notice that Eudora Pro is vulnerable for same bug as Outlook to:
>
>Felicia Catherine Kaye <feline@feline.pp.se>
>Michael Smith <mike@icon.co.za>
>
>Greeetz to HERT,Lam3rZ,TESO
>
>----------------------
>Mark Bialoglowy [Ultor@hert.org] --- Network Security Consultant
>Age: 19 -- Country: PL -- PGP: http://www.hert.org/pgp/Ultor.asc
>CODE: C / Delphi / w32asm / Linux / SQL / CGI / HTML / VRML / AI
>----------------------
>
>
