Eudora 3.0 and 4.0 DOS

Summary

Description:	Eudora will crash if it tries to receive an email with an attachment that has a filename of at least 233 characters.
Author:	whiz <whizpig@TIR.COM>
Compromise:	Stupid DOS attack
Vulnerable Systems:	Windows users running Eudora Pro 4.0 or 3.0
Date:	29 March 1998

Details

Date: Sun, 29 Mar 1998 05:04:17 -0500
From: whiz <whizpig@TIR.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: Eudora Pro 4.0 attachment/long filename problem

Eudora Pro 4.0 crashes when it trys to retrieve a message that has an
attachments with an extra long filename.  The length of the filename
effects the type of crash that will occur.  A filename of greater then 233
characters in length will cause an illegal operation.  However, a
bluescreen of death occurs and a reboot is necessary if the filename is
exactly 233 characters.

Heres how to recreate it on Windows 95.
1. Create a file with a long name(>=233).
2. In Eudora, send an e-mail to your self with the new file attached.
3. Now check your mail, Eudora should crash when it starts to download the
attachment.

And since Eudora crashes before it deletes the message from the server you
will have to do this in order to check your mail again:
1. Telnet to your mail server.
2. Type USER yourusername, hit enter.
3. Type PASS yourpassword, hit enter.
4. Type DELE 1, hit enter.
5. Type QUIT, hit enter.

-whiz
Date: Mon, 30 Mar 1998 14:09:02 -0800
From: Lewis Eatherton <eathertl@SEGASOFT.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: Eudora Pro 4.0 attachment/long filename problem

The same bug is apparently in version 3.x as some funny person at my office
just exploited it...

At 05:04 AM 3/29/98 -0500, whiz wrote:
>Eudora Pro 4.0 crashes when it trys to retrieve a message that has an
>attachments with an extra long filename.  The length of the filename
>effects the type of crash that will occur.  A filename of greater then 233
>characters in length will cause an illegal operation.  However, a
>bluescreen of death occurs and a reboot is necessary if the filename is
>exactly 233 characters.
>
>Heres how to recreate it on Windows 95.
>1. Create a file with a long name(>=233).
>2. In Eudora, send an e-mail to your self with the new file attached.
>3. Now check your mail, Eudora should crash when it starts to download the
>attachment.
>
>And since Eudora crashes before it deletes the message from the server you
>will have to do this in order to check your mail again:
>1. Telnet to your mail server.
>2. Type USER yourusername, hit enter.
>3. Type PASS yourpassword, hit enter.
>4. Type DELE 1, hit enter.
>5. Type QUIT, hit enter.
>
>-whiz
>
>
Lewis Eatherton
Network Architect
SegaSoft, Inc

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:

All OS's	Linux	Solaris/SunOS	Micro$oft
*BSD	Macintosh	AIX	IRIX
ULTRIX/Digital UNIX	HP/UX	SCO	Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: