LeRoi
09-15-2003, 12:47 PM
TITLE:
Eudora Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA9729
VERIFY ADVISORY:
http://www.secunia.com/advisories/9729/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Eudora 6.x
DESCRIPTION:
Multiple vulnerabilities have been reported in Eudora 6 allowing
malicious people to spoof attachments or execute arbitrary code.
A boundary error when handling overly long filenames (250 characters
or longer) can be exploited to cause a buffer overflow. This crashes
Eudora but may potentially also allow exection of arbitrary code.
It is possible to cause Eudora to show a different name than the
actual attachment name. This may be exploited to trick users into
opening malicious files.
Other security issues have also been identified. However, they
trigger a warning dialog.
These issues have previously been reported for Eudora 5.
SOLUTION:
Configure your mail gateway to filter malicious emails or use a
different mail client.
REPORTED BY / CREDITS:
Paul Szabo
OTHER REFERENCES:
SA8258:
http://www.secunia.com/advisories/8258/
SA7529:
http://www.secunia.com/advisories/7529/
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Eudora Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA9729
VERIFY ADVISORY:
http://www.secunia.com/advisories/9729/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Eudora 6.x
DESCRIPTION:
Multiple vulnerabilities have been reported in Eudora 6 allowing
malicious people to spoof attachments or execute arbitrary code.
A boundary error when handling overly long filenames (250 characters
or longer) can be exploited to cause a buffer overflow. This crashes
Eudora but may potentially also allow exection of arbitrary code.
It is possible to cause Eudora to show a different name than the
actual attachment name. This may be exploited to trick users into
opening malicious files.
Other security issues have also been identified. However, they
trigger a warning dialog.
These issues have previously been reported for Eudora 5.
SOLUTION:
Configure your mail gateway to filter malicious emails or use a
different mail client.
REPORTED BY / CREDITS:
Paul Szabo
OTHER REFERENCES:
SA8258:
http://www.secunia.com/advisories/8258/
SA7529:
http://www.secunia.com/advisories/7529/
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.