[7493] in bugtraq
Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008))
daemon@ATHENA.MIT.EDU (Alan Thew)
Thu Jul 30 14:07:04 1998
Date: Thu, 30 Jul 1998 11:48:43 +0100
Reply-To: Alan Thew <Alan.Thew@LIVERPOOL.AC.UK>
From: Alan Thew <Alan.Thew@LIVERPOOL.AC.UK>
X-To: Chris Owen <listsonly@GCNET.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980729130957.14701A-100000@pop.gcnet.com>
Certainly Eudora 1.5.4 generates divide by zero problems with bad dates,
these can all be fixed by deleting the *.toc files and manually editing
the mbx/spool files (no corruption seen here) and generating correct
date fields.
--
Alan Thew alan.thew@liverpool.ac.uk
Computing Services,University of Liverpool Fax: +44 151 794-4442
On Wed, 29 Jul 1998, Chris Owen wrote:
>On Wed, 29 Jul 1998, Troy Ablan wrote:
>
>> At least some versions of Eudora Light prior to 3.0.5 return a Divide by
>> Zero error and immediately close when trying to pop a message that has a
>> ctime of 0 (Read as Dec 31 1969 19:00 EST (-0500)). This apparently
>> corrupts the .mbx file, and both the message on the pop server and the
>> .mbx file must be manually removed (or hacked) in order to proceed. I
>> can't reproduce this problem with version 3.0.5, and I don't have
>> available an older copy to re-try this.
>>
>> I discovered this anomoly doing ISP tech support for a customer.
>>
>> Can anyone confirm or deny this?
>
>I know that with version up to at least 3.0.3, setting the clock forward
>100 years will cause Eudora to cause a segmentation fault when sending
>mail. Spent hours on this one ;-]
>
>Chris
>
>> -----Original Message-----
>> From: Brett Glass <brett@LARIAT.ORG>
>>
>>
>> >InfoWorld, at
>> http://www.infoworld.com/cgi-bin/displayStory.pl?980728.ehbugs.htm,
>> >claims that the MIME filename overflow exploit affects Eudora. Is this
>> correct?
>> >This is the first I've heard of that mailer being vulnerable.
>>
>>
>> -----------------------------------
>> Troy Ablan
>> shore.net technical support
>> (781) 593-3110 x136
>> -----------------------------------
>>
>
>--
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Chris Owen ~ Lottery: A stupidity tax
>PO Box 1985 ~ owenc@gcnet.com
>Garden City, KS 67846 ~ http://www.gardencity.net/~owenc/
>Voice: (316) 275-1900 ~ ftp://ftp.gardencity.net/pub/owenc/
>Fax: (316) 275-0313 ~ 88 FA CF C6 65 23 63 C1 6E 80 AE 0B 51 C0 22 36
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
