Bugtraq mailing list archives

Eudora exploit confirmed on 3.05 Pro

From: j.baggen () STL-GROUP COM (j.baggen () STL-GROUP COM)
Date: Wed, 29 Jul 1998 19:59:31 +0200


At 07:46 7/29/98 -0400, you wrote:

At least some versions of Eudora Light prior to 3.0.5 return a Divide by
Zero error and immediately close when trying to pop a message that has a
ctime of 0 (Read as Dec 31 1969 19:00 EST (-0500)).  This apparently
corrupts the .mbx file, and both the message on the pop server and the .mbx
file must be manually removed (or hacked) in order to proceed.  I can't
reproduce this problem with version 3.0.5, and I don't have available an
older copy to re-try this.

I discovered this anomoly doing ISP tech support for a customer.

Can anyone confirm or deny this?


Confirmed, I`ve tried with Eudora Pro 3.05. When mailserver is polled
Eudora will close immediatly and inbox is indeed corrupted. Message must
be deleted on the server.


_________________________________________________________
J.J.W.H. Baggen  Starline Group Europe  www.stl-group.com
SALES DEPARTEMENT: sales () stl-group com +31(0)455 650 137

Current thread:

Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Troy Ablan (Jul 29)
- Eudora exploit confirmed on 3.05 Pro j.baggen () STL-GROUP COM (Jul 29)
- Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Chris Owen (Jul 29)
  - Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Alan Thew (Jul 30)
  - Re: Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Alan Brown (Jul 30)