[CCMC] Fwd: [sec-adv] Eudora Multiple Vulnerabilities

David Duhamel Mon, 15 Sep 2003 23:02:51 -0700

Pour les utilisateurs d'Eudora...

Vivement 18H45 pour voir Steve J. à la télé....

Début du message réexpédié :

De: Secunia Security Advisories <[EMAIL PROTECTED]>
Date: Lun 15 sep 2003  20:17:08 Europe/Paris
À: [EMAIL PROTECTED]
Objet: [sec-adv] Eudora Multiple Vulnerabilities


TITLE:
Eudora Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA9729

VERIFY ADVISORY:
http://www.secunia.com/advisories/9729/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:

From remote


SOFTWARE:
Eudora 6.x

DESCRIPTION:
Multiple vulnerabilities have been reported in Eudora 6 allowing
malicious people to spoof attachments or execute arbitrary code.

A boundary error when handling overly long filenames (250 characters
or longer) can be exploited to cause a buffer overflow. This crashes
Eudora but may potentially also allow exection of arbitrary code.

It is possible to cause Eudora to show a different name than the
actual attachment name. This may be exploited to trick users into
opening malicious files.

Other security issues have also been identified. However, they
trigger a warning dialog.

These issues have previously been reported for Eudora 5.

SOLUTION:
Configure your mail gateway to filter malicious emails or use a
different mail client.

REPORTED BY / CREDITS:
Paul Szabo

OTHER REFERENCES:
SA8258:
http://www.secunia.com/advisories/8258/

SA7529:
http://www.secunia.com/advisories/7529/

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web     : http://www.secunia.com/
E-mail  : [EMAIL PROTECTED]
Tel     : +45 7020 5144
Fax     : +45 7020 5145

------------------------------------------------------------------------ ------

David Duhamel

http://home.nordnet.fr/~dduhamel/

AIM/iChat : dduhamel2001

Ou cet homme est mort, ou ma montre est arrêtée !
                              (Groucho Marx)
Les minijupes, c'est comme les sondages : ça donne des idées mais ça
cache l'essentiel.


--
PHOTO HALL Multimedia, leader en Telecom, Informatique,
Photo, Video, TV, Hifi. Surfez sur http://www.photohall.be
CyberCafe 2.0 <http://www.cybercafe.tv> Chaque Mardi 19h15 sur La 2!
Desabonnement par email :  <mailto:[EMAIL PROTECTED]>

[CCMC] Fwd: [sec-adv] Eudora Multiple Vulnerabilities

Répondre à