Re: [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer Overflow Vulnerability

[John Pettitt <jpp () cloudview com>]

At 06:15 PM 8/7/2002, Atsushi Nishimura wrote:
> ----------------------------------------------------------------------
> SNS Advisory No.55
> Eudora 5.x for Windows Buffer Overflow Vulnerability rev.2
>
> Problem first discovered: 6 Jun 2002
> Published: 5 Aug 2002
> Last revised: 8 Aug 2002
> ----------------------------------------------------------------------
>
> Overview:
> ---------
>   Eudora 5.x for Windows contains a buffer overflow vulnerability,
>   which could allow a remote attacker to execute arbitrary code.
>
> Problem Description:
> --------------------
>   Eudora developed and distributed by QUALCOMM Inc.
>   (http://www.qualcomm.com/), is a Mail User Agent running on Windows
>   95/98/2000/ME/NT 4.0 and MacOS 8.1 or later.
>
>   The buffer overflow occurs when Eudora receives a message using 139 bytes
>   or more of string as a boundary, which is used to divide a multi-part
>   message into separate parts. In our verification environment, we have
>   found that this could allow arbitrary commands to be executed.

For postfix users adding the following to header_checks should guard 
against this problem

/boundary=.{138,}$/                    REJECT MIME boundary too long

Not that only the most recent version of postfix understand mime so in 
older versions (pre 20020525) nested mime won't be blocked by this.

John



John Pettitt                                     Email: jpp () cloudview com

"Do what you feel in your heart to be right for you'll be criticized anyway."
                                                                                      - 
Eleanor Roosevelt