Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Exploit using Eudora and the Guninski hole
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 21 Sep 2000 04:53:28 +1200

SIMARD SECURITY ADVISORY 20000919.1
by Louis-Eric Simard, Security Consultant (Louis-Eric () Simard com)
<<snip>>
   TESTED SYSTEMS
   Windows 2000 [5.00.2195] running Eudora 4.3.2. Later versions of Eudora
have not been tested.

...but most older ones (going *way* back to erly Win16
implementations) are also vulnerable.

   SYNOPSIS
   A malicious intruder can easily take control of a Windows environment by
simply sending one or more e-mails containing attachments conforming to
   the description set in the Georgi Guninski security advisory #21 if the
receiver is using Eudora as a mail client.

   PROBLEM DESCRIPTION
   Eudora saves all attachments in a single directory upon receiving the
mail; a mail message need not be open for its attachment to be decoded
   and saved in that common directory. An intruder need only send an e-mail
with a trojaned DLL as described in the Guninski advisory, along with
   or followed by an e-mail containing a Word document.

Always hated that option.  I couldn't see why anyone with a hint of a
clue about security would like it.  Was dumb-founded it was ever made
the default...

   DEMONSTRATION
<<snip>>
   ACKNOWLEDGEMENTS
<<snip>>
   COMMENTS
<<snip>>
   DISCLAIMER
<<snip>>

The advisory would have been better had you mentioned that although
this is the *default* behaviour of Eudora, it is configurable and can
be easily disabled.  There have been other exploits based on the
utter predicability of this behaviour -- anyone still running Eudora
with this option enabled needs their head read.


Regards,

Nick FitzGerald


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]