Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: eudora09.htm

Eudora Pro 4.2.0.5 long filename file attachment crash



Vulnerability

    Eudora

Affected

    Eudora Pro 4.2.0.5

Description

    Zoa_Chien found following.  He had  a quick look at this nice  bug
    in Eudora  that caused  many people  with Eudora  to crash.   More
    info can be found at:

        http://oliver.efri.hr/~crv/security/bugs/NT/krnl126.html

    If you mail  someone a file  that has an  extension with over  213
    chars in  it, eudora  will crash.   You could  test it  with  this
    filename:

        _.aaaabbbbccccddddeeeeffffgggghhhhiiiijjjjkkkkllllmmmmnnnnooooppppqqqqrrrr
        _.aaaabbbbccccddddeeeeffffgggghhhhiiiijjjjkkkkllllmmmmnnnnooooppppqqqqrrrrssssttttuuuuvvvvwwwwxxxxyyyyzzzzAAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSSTTTTUUUUWWWWXXXXYYYYZZZZ111122223333444455556666777788889999aaAAbbBB

    the 3334 are the first bytes  that overwrite the EIP.  Leaving  us
    very little space to execute some arbitrary code.

    If it's not possible to exploit... at least it's a nice DoS.

    For those  who want  to check  this out:  some guidelines for your
    convenience:

        - Unclick leave mail on server.
        - send yourself such a mail
        - "restore" eudora  by deleting the  /spool directory in  your
          eudora directory.

    Windows  2000  build  2195  with  Outlook  2000  might become very
    unstable afterwards (even after rebooting it became unstable again
    do reinstall from scratch was the only solution).

Solution

    Nothing yet.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH