Bugtraq mailing list archives

Re: Outlook denial of service

From: nblasgen () REFRACT COM (Nicholas W. Blasgen)
Date: Mon, 28 Jun 1999 14:52:34 -0700


I tested it with Outlook 2000 with Windows 98 and had no problem.

Nicholas Blasgen
Refract Media

"The hard part was figuring out how to destroy the
physical universe. But I think we've solved that."
  - Marcus Larry, 1999

I've found a problem in qualcomm popper (and presumabley others) in that

it

doesn't check for an existing X-UIDL: headers, but simpley uses it when

the

client sends in a uidl request.  This problem can manifest itself as an
effective denial of service attack against microsoft outlook clients
because outlook looks for unique uidl's for each message and if there

are

duplicates it will hang prior to downloading any mail.  I've put up a

small

web site detailing the problem and some possible work arounds/fixes at

http://getaclue.org/yoduh/outlook.html

Current thread:

Re: Outlook denial of service Nicholas W. Blasgen (Jun 28)
- Re: Outlook denial of service Aleph One (Jun 30)
- SDI exploit for Xaccel Thiago/c0nd0r (Jun 30)
- Microsoft Security Bulletin (MS99-023) aleph1 () UNDERGROUND ORG (Jun 30)
- Dan & Wietse's Computer Forensics Analysis Class Wietse Venema (Jul 01)
- packetstorm became the victim of FUD Andreas Bogk (Jul 01)
  - Re: packetstorm became the victim of FUD Jay D. Dyson (Jul 01)