[7469] in bugtraq
Eudora exploit (was Microsoft Security Bulletin (MS98-008))
daemon@ATHENA.MIT.EDU (Troy Ablan)
Wed Jul 29 15:27:52 1998
Date: Wed, 29 Jul 1998 07:46:50 -0400
Reply-To: Troy Ablan <chaser@SHORE.NET>
From: Troy Ablan <chaser@SHORE.NET>
To: BUGTRAQ@NETSPACE.ORG
At least some versions of Eudora Light prior to 3.0.5 return a Divide by
Zero error and immediately close when trying to pop a message that has a
ctime of 0 (Read as Dec 31 1969 19:00 EST (-0500)). This apparently
corrupts the .mbx file, and both the message on the pop server and the .mbx
file must be manually removed (or hacked) in order to proceed. I can't
reproduce this problem with version 3.0.5, and I don't have available an
older copy to re-try this.
I discovered this anomoly doing ISP tech support for a customer.
Can anyone confirm or deny this?
-----Original Message-----
From: Brett Glass <brett@LARIAT.ORG>
>InfoWorld, at
http://www.infoworld.com/cgi-bin/displayStory.pl?980728.ehbugs.htm,
>claims that the MIME filename overflow exploit affects Eudora. Is this
correct?
>This is the first I've heard of that mailer being vulnerable.
-----------------------------------
Troy Ablan
shore.net technical support
(781) 593-3110 x136
-----------------------------------
