[7481] in bugtraq
Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))
daemon@ATHENA.MIT.EDU (Chris Owen)
Wed Jul 29 21:43:36 1998
Date: Wed, 29 Jul 1998 13:11:06 -0500
Reply-To: Chris Owen <listsonly@GCNET.COM>
From: Chris Owen <listsonly@GCNET.COM>
X-To: Troy Ablan <chaser@SHORE.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <006101bdbae6$92f1b380$33b773c6@lager.ecosoft.com>
On Wed, 29 Jul 1998, Troy Ablan wrote:
> At least some versions of Eudora Light prior to 3.0.5 return a Divide by
> Zero error and immediately close when trying to pop a message that has a
> ctime of 0 (Read as Dec 31 1969 19:00 EST (-0500)). This apparently
> corrupts the .mbx file, and both the message on the pop server and the
> .mbx file must be manually removed (or hacked) in order to proceed. I
> can't reproduce this problem with version 3.0.5, and I don't have
> available an older copy to re-try this.
>
> I discovered this anomoly doing ISP tech support for a customer.
>
> Can anyone confirm or deny this?
I know that with version up to at least 3.0.3, setting the clock forward
100 years will cause Eudora to cause a segmentation fault when sending
mail. Spent hours on this one ;-]
Chris
> -----Original Message-----
> From: Brett Glass <brett@LARIAT.ORG>
>
>
> >InfoWorld, at
> http://www.infoworld.com/cgi-bin/displayStory.pl?980728.ehbugs.htm,
> >claims that the MIME filename overflow exploit affects Eudora. Is this
> correct?
> >This is the first I've heard of that mailer being vulnerable.
>
>
> -----------------------------------
> Troy Ablan
> shore.net technical support
> (781) 593-3110 x136
> -----------------------------------
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chris Owen ~ Lottery: A stupidity tax
PO Box 1985 ~ owenc@gcnet.com
Garden City, KS 67846 ~ http://www.gardencity.net/~owenc/
Voice: (316) 275-1900 ~ ftp://ftp.gardencity.net/pub/owenc/
Fax: (316) 275-0313 ~ 88 FA CF C6 65 23 63 C1 6E 80 AE 0B 51 C0 22 36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
