lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 27 Jan 2009 15:22:25 +0000
From: Dave English <dave.english@...s.net>
To: bugtraq@...urityfocus.com
Subject: Re: DoS attacks on MIME-capable software via complex MIME emails

In message <20081208225217.10144.qmail@...urityfocus.com>, 
bruhns@...urity-labs.com writes
...
>== Specific Software ==
>Vulnerable:
>Microsoft Outlook Express 6, Version 6.00.2900.5512
>Opera Version: 9.51 Build: 10081 System: Windows XP
>Incredimail Build ID: 5853710 Setup ID: 7 Pn: 92977368
>Norton Internet Security Version 15.5.0.23
>ESet NOD32 2.70.0039.0000
>Kaspersky Internet Security 2009; Databases from 23.07.2008
>
>Slightly affected:
>Mozilla Thunderbird Version 2.0.14 (20080421)
>
>Not vulnerable:
>Avira Antivir Search engine: v8.01.01.11, 17.07.2008
>Mutt
>Courier

Turnpike is also not vulnerable.  Multikill is displayed correctly & 
Nesty is partially displayed, after a warning that the message is too 
complex.

>== Credit ==
>This bug was discovered by Bernhard 'Bruhns' Brehm at Recurity Labs.
>Company page: http://www.recurity-labs.com
...
-- 
Dave English                           Internet Platform Development
Senior Software & Systems Engineer                              Thus
                                            a Cable&Wireless business

Download attachment "signature.asc" of type "application/pgp-signature" (180 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ