SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Eudora Vendors:   Qualcomm
Eudora Buffer Overflow During Reply-To-All Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1008138
SecurityTracker URL:  http://securitytracker.com/id/1008138
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 10 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.1-J, 5.2.0.9, 5.2.1; Windows versions
Description:   A vulnerability was reported in the Eudora e-mail client. A remote user can execute arbitrary code on the target user's system.

Secure Net Service reported that there is a buffer overflow in the processing of the "From" or "Reply-To" header fields. A remote user can send an e-mail containing a long string of specially crafted values for either field so that when the target user (recipient) attempts to use the "Reply-To-All" feature, the overflow will be triggerred and arbitrary code will be executed. The code will run with the privileges of the target user.

Hisayuki Shinmachi is credited with discovery.

The following notification timeline is provided:

9 Jan 2003 : We discovered the vulnerability
21 Jan 2003 : We reported the findings to EDGE Co., Ltd. and QUALCOMM Inc.
Mar 2003 : Eudora 5.1-Jr3 was released by EDGE Co., Ltd.
25 Jun 2003 : We reported the findings to CERT/CC and JPCERT/CC because we didn't get any response from QUALCOMM Inc.
4 Oct 2003 : We confirmed that the problem has been fixed in Eudora Version 6.0 for Windows[English]
10 Nov 2003 : We disclosed this vulnerability

Impact:   A remote user can cause arbitrary code to be executed on the target user's system when the target user's clicks on "Reply-To-All". The code will run with the privileges of the target user.
Solution:   The vendor has released fixed versions (5.1-Jr3 for Windows, 6.0 for Windows), available at:

http://www.eudora.com/download/

Vendor URL:  www.eudora.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [SNS Advisory No.69] Eudora "Reply-To-All" Buffer Overflow Vulnerability


----------------------------------------------------------------------
SNS Advisory No.69
Eudora "Reply-To-All" Buffer Overflow Vulnerability

Problem first discovered on: Thu, 09 Jan 2003
Published on: Mon, 10 Nov 2003
----------------------------------------------------------------------

Overview:
---------
  Eudora for Windows contains a buffer overflow vulnerability, which 
  could allow a remote attacker to execute arbitrary code.


Problem Description:
--------------------
  The buffer overflow occurs when Eudora receives an e-mail message 
  with a  "From" or "Reply-To" header containing an unusually long string 
  of characters, and then attempts to "Reply To All."


Tested Versions:
----------------
  Eudora 5.1-J for Windows [Japanese]
  Eudora 5.2.0.9 for Windows [English]
  Eudora 5.2.1 for Windows [English]


Solution:
---------
  Upgrade to the fixed version below:

  Eudora 5.1-Jr3 for Windows [Japanese] and above
  Eudora Version 6.0 for Windows [English] and above


Discovered by:
--------------
  Hisayuki Shinmachi


Chronology of Events:
---------------------
   9 Jan 2003 :  We discovered the vulnerability
  21 Jan 2003 :  We reported the findings to EDGE Co., Ltd. and 
                 QUALCOMM Inc.
     Mar 2003 :  Eudora 5.1-Jr3 was released by EDGE Co., Ltd.
  25 Jun 2003 :  We reported the findings to CERT/CC and JPCERT/CC
                 because we didn't get any response from QUALCOMM Inc.
   4 Oct 2003 :  We confirmed that the problem has been fixed in Eudora 
                 Version 6.0 for Windows[English]
  10 Nov 2003 :  We disclosed this vulnerability


Disclaimer: 
-----------
  The information contained in this advisory may be revised without prior 
  notice and is provided as it is. Users shall take their own risk when 
  taking any actions following reading this advisory. LAC Co., Ltd. shall 
  take no responsibility for any problems, loss or damage caused by, or by 
  the use of information provided here.

  This advisory can be found at the following URL: 
  Reference: http://www.lac.co.jp/security/english/snsadv_e/69_e.html


------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC