Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 SMTP:DOS:EUDORA-MIME-DOS

Severity

 Low

Recommended

 No

Category

 SMTP

Keywords

 Eudora Malformed MIME Attachment DoS

Release Date

 2003/05/28

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SMTP: Eudora Malformed MIME Attachment DoS


This signature detects denial-of-service (DoS) attempts against Eudora, an e-mail client. Eudora 5.2.1 and earlier versions are vulnerable. In an e-mail, attackers can send a maliciously crafted MIME attachment with a filename that contains an excessive number of periods to crash the Eudora e-mail client.

Extended Description

Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious content, and in avoiding generating warning messages. It is possible to refer to other files or attachments in a message through specially formatted inline text. It has been demonstrated possible to misrepresent some aspects of files referenced in this manner. This may cause end users to make erroneous judgements about the nature of file attachments, and allow malicious attachments to bypass normal warning dialogs displayed when executable content is launched. If an attachment path to an executable file has a single '.' character appended, warning messages will not be displayed. Attachments such as 'calc.exe.' may execute when launched without the requirement for further interaction. Additionally, an arbitrary file name may be specified by the attacker which will be displayed to the end user. If a filename such as 'readme.txt' is associated with a malicious, executable attachment, the user may make innacurate decisions about the risk associated with opening the attachment. If the specified file does not exist on the local system, the full path provided will be used to locate and launch a file, with no further warnings given. Successful exploitation may require the attacker to know the full path to the attachment directory. ** A new version of Eudora is available however, reports suggest that the new version may still be affected. ** May 21, 2004 - Eudora version 6.1.1 has been released, however, it is reported that the new versions is vulnerable to this issue as well.

Affected Products

  • Qualcomm Eudora 5.1.0
  • Qualcomm Eudora 5.2.1
  • Qualcomm Eudora 6.0.0
  • Qualcomm Eudora 6.0.1
  • Qualcomm Eudora 6.1.1

References

  • BugTraq: 5432
  • CVE: CVE-2003-0376
  • URL: http://www.juniper.net/security/auto/vulnerabilities/vuln2680.html
  • URL: http://xforce.iss.net/xforce/xfdb/12061

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out