Qualcomm Eudora Pro Long Filename Attachment Vulnerability
BID:1210
Info
| Bugtraq ID: | 1210 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 15 2000 12:00AM |
| Updated: | May 15 2000 12:00AM |
| Credit: | Posted to BugTraq by "Ultor", <[email protected]> Additional credit: Felicia Catherine Kaye <[email protected]> Michael Smith <[email protected]> Ron Moritz <[email protected]> |
| Vulnerable: | Qualcomm Eudora Pro 1.0 0; Qualcomm Eudora Light 3.0; Qualcomm Eudora 4.3; Qualcomm Eudora 4.2 |
| Not Vulnerable: | Qualcomm Eudora 4.3.2 |
Discussion
Eudora improperly handles the filenames of files attached to e-mails. An exceedingly long filename can result in a buffer overflow condition when the program processes the attachment and tries to save the temporary file. Eudora processes e-mail while downloading it from the server, so the buffer overflow occurs when the message is processed from the spool directory. This can even lock the e-mail account of the Eudora user. Attacker-supplied data makes it into EIP, so execution of arbitrary remote code is a possibility. Deleting the offending file from the attachment directory under a DOS prompt reportedly allows Eudora to regain functionality.
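The class of bug described above, next to a bounded alternative, as an added example that is not Eudora's code and not part of the original advisory. The buffer size, directory path, fallback name and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ATTACH_PATH_MAX 260              /* assumed fixed buffer size, not from the advisory */
#define FALLBACK_NAME   "attachment.dat" /* hypothetical replacement name */

/* Unsafe pattern (illustrative, never called): a sender-controlled filename
 * is copied into a fixed stack buffer with no length check. */
size_t attach_path_unsafe(const char *dir, const char *name)
{
    char path[ATTACH_PATH_MAX];
    strcpy(path, dir);
    strcat(path, "\\");
    strcat(path, name);                  /* writes past path[] for a long name */
    return strlen(path);
}

/* Write "dir\name" into out. Returns 1 if it fit, 0 if it was truncated. */
static int join_path(char *out, size_t outsz, const char *dir, const char *name)
{
    int n = snprintf(out, outsz, "%s\\%s", dir, name);
    return n >= 0 && (size_t)n < outsz;
}

/* Hardened form. Returns 0 if the original name was used, 1 if it was empty or
 * too long and FALLBACK_NAME was substituted, -1 if nothing fits (out = ""). */
int build_attach_path(char *out, size_t outsz, const char *dir, const char *name)
{
    if (out == NULL || outsz == 0)
        return -1;
    if (name != NULL && name[0] != '\0' && join_path(out, outsz, dir, name))
        return 0;
    if (join_path(out, outsz, dir, FALLBACK_NAME))
        return 1;
    out[0] = '\0';
    return -1;
}

int main(void)
{
    char path[ATTACH_PATH_MAX], longname[1001];
    memset(longname, 'A', sizeof longname - 1);   /* constructed over-long name */
    longname[sizeof longname - 1] = '\0';
    printf("%d\n", build_attach_path(path, sizeof path, "C:\\Eudora\\Attach", longname));
    printf("%s\n", path);
    return 0;
}
```

Substituting a fixed name instead of failing keeps the rest of the mailbox processable, which addresses the locked-account symptom as well as the overflow.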
Solution / Fix
Solution:
Eudora 4.3.2 replaces all previous regular, Pro and Light versions and is not vulnerable to this issue.
Qualcomm Eudora Pro 1.0 0
- Qualcomm Eudora 4.3.2
  http://eudora-survey1.qualcomm.com/live/download
Qualcomm Eudora Light 3.0
- Qualcomm Eudora 4.3.2
  http://eudora-survey1.qualcomm.com/live/download
Qualcomm Eudora 4.2
- Qualcomm Eudora 4.3.2
  http://eudora-survey1.qualcomm.com/live/download
Qualcomm Eudora 4.3
- Qualcomm Eudora 4.3.2
  http://eudora-survey1.qualcomm.com/live/download