Qualcomm Eudora MIME Message Nesting Denial of Service Vulnerability
BID:10137
Info
Qualcomm Eudora MIME Message Nesting Denial of Service Vulnerability
| Bugtraq ID: | 10137 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2004 12:00AM |
| Updated: | Apr 14 2004 12:00AM |
| Credit: | Discovery is credited to Paul Szabo <[email protected]>. |
| Vulnerable: |
Qualcomm Eudora 6.0.3 |
| Not Vulnerable: | |
Discussion
Qualcomm Eudora MIME Message Nesting Denial of Service Vulnerability
It has been reported that Eudora is prone to a denial of service vulnerability when handling e-mail containing excessive MIME nesting. The problem is known to occur when the application attempts to decode the deeply nested message.
Successful exploitation of this issue may allow an attacker to cause the application to crash due to corruption of stack memory. It is not known if this issue is further exploitable to execute arbitrary code.
It should be noted that this condition may be persistent since the offending message may remain in the client's mail spool.
Eudora 6.0.3 is reported to be vulnerable to this issue, however, other versions may be affected as well.
It has been reported that Eudora is prone to a denial of service vulnerability when handling e-mail containing excessive MIME nesting. The problem is known to occur when the application attempts to decode the deeply nested message.
Successful exploitation of this issue may allow an attacker to cause the application to crash due to corruption of stack memory. It is not known if this issue is further exploitable to execute arbitrary code.
It should be noted that this condition may be persistent since the offending message may remain in the client's mail spool.
Eudora 6.0.3 is reported to be vulnerable to this issue, however, other versions may be affected as well.
Exploit / POC
Qualcomm Eudora MIME Message Nesting Denial of Service Vulnerability
The following exploit has been provided:
The following exploit has been provided:
Solution / Fix
Qualcomm Eudora MIME Message Nesting Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Qualcomm Eudora MIME Message Nesting Denial of Service Vulnerability
References:
References:
- Eudora Product Homepage (Qualcomm)