At 06:15 PM 8/7/2002, Atsushi Nishimura wrote:
>----------------------------------------------------------------------
>SNS Advisory No.55
>Eudora 5.x for Windows Buffer Overflow Vulnerability rev.2
>
>Problem first discovered: 6 Jun 2002
>Published: 5 Aug 2002
>Last revised: 8 Aug 2002
>----------------------------------------------------------------------
>
>Overview:
>---------
> Eudora 5.x for Windows contains a buffer overflow vulnerability,
> which could allow a remote attacker to execute arbitrary code.
>
>Problem Description:
>--------------------
> Eudora developed and distributed by QUALCOMM Inc.
> (http://www.qualcomm.com/), is a Mail User Agent running on Windows
> 95/98/2000/ME/NT 4.0 and MacOS 8.1 or later.
>
> The buffer overflow occurs when Eudora receives a message using 139 bytes
> or more of string as a boundary, which is used to divide a multi-part
> message into separate parts. In our verification environment, we have
> found that this could allow arbitrary commands to be executed.
>
For postfix users adding the following to header_checks should guard
against this problem
/boundary=.{138,}$/ REJECT MIME boundary too long
Not that only the most recent version of postfix understand mime so in
older versions (pre 20020525) nested mime won't be blocked by this.
John
John Pettitt Email: [EMAIL PROTECTED]
"Do what you feel in your heart to be right for you'll be criticized anyway."
-
Eleanor Roosevelt
