Bugtraq mailing list archives
Re: Outlook denial of service
From: nblasgen () REFRACT COM (Nicholas W. Blasgen)
Date: Mon, 28 Jun 1999 14:52:34 -0700
I tested it with Outlook 2000 with Windows 98 and had no problem. Nicholas Blasgen Refract Media "The hard part was figuring out how to destroy the physical universe. But I think we've solved that." - Marcus Larry, 1999
I've found a problem in qualcomm popper (and presumabley others) in that
it
doesn't check for an existing X-UIDL: headers, but simpley uses it when
the
client sends in a uidl request. This problem can manifest itself as an effective denial of service attack against microsoft outlook clients because outlook looks for unique uidl's for each message and if there
are
duplicates it will hang prior to downloading any mail. I've put up a
small
web site detailing the problem and some possible work arounds/fixes at http://getaclue.org/yoduh/outlook.html
Current thread:
- Re: Outlook denial of service Nicholas W. Blasgen (Jun 28)
- Re: Outlook denial of service Aleph One (Jun 30)
- SDI exploit for Xaccel Thiago/c0nd0r (Jun 30)
- Microsoft Security Bulletin (MS99-023) aleph1 () UNDERGROUND ORG (Jun 30)
- Dan & Wietse's Computer Forensics Analysis Class Wietse Venema (Jul 01)
- packetstorm became the victim of FUD Andreas Bogk (Jul 01)
- Re: packetstorm became the victim of FUD Jay D. Dyson (Jul 01)