Qualcomm Eudora WorldMail Server SMTP server buffer overflow
| eudora-smtp-server-bo (34324) |  High Risk |
Description:
Qualcomm Eudora WorldMail Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking of SMTP server replies. By persuading a victim to connect to a malicious SMTP server, a remote attacker could send a specially-crafted SMTP reply string to overflow a buffer and execute arbitrary code on the system.
Note: In order to exploit this vulnerability, the victim must click "Cancel" and ignore the buffer overflow warning message.
Platforms Affected:
- Qualcomm, Eudora 7.1.0.9
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Gain Access
References:
- Eudora Web site, Eudora WorldMail Server by QUALCOMM at http://www.eudora.com/email/features/windows/index.html.
- CVE-2007-2770: Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue.
- SA25282: Eudora Multiple Buffer Overflow Vulnerabilities
Reported:
May 15, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net