Eudora users warned over ‘reply to all’ trick • The Register

Skip to content

Whitepapers

Eudora users warned over ‘reply to all’ trick

Press Send for a buffer flow flaw

By John Leyden • Get more from this author

Posted in Security, 11th November 2003 15:20 GMT

Free whitepaper – Certify your software integrity with Thawte code signing certificates

A buffer overflow vulnerability in Eudora, the popular email client, creates a mechanism for crackers to compromise targeted PCs.

The problem stems from a failure to properly verify the "From:" and "Reply-To:" when users of vulnerable versions of Eudora select "Reply-To-All". This shortcoming creates a means for hackers to spam users with a maliciously constructed email designed to trigger this buffer overflow condition.

In practice it might be hard to trick users into selecting "Reply-To-All" in response to suspicious emails. But if they do then crackers would be able to run arbitrary code on vulnerable systems, so the problem is not to be sniffed at.

The vulnerability was discovered in Eudora version 5.x by Japanese security researcher Hisayuki Shinmachi of Secure Net Services in January and announced yesterday. Users are advised to update to Eudora 5.1-Jr3 (Japanese) or Eudora 6.0 (English) in order to shore up their security defences, as explained in an advisory by Secunia here.

Although Eudora security problems are not unprecedented, the package is far less afflicted with security issues than Microsoft's email client, known in these parts as Lookout. ®

Related Stories

IE bugs keep coming
Eudora e-mail hole discovered

External Links

Eudora security problems

Free whitepaper – Securing your Apache web server with a Thawte digital certificate

Whitepapers

The best practices guide for application security

Download to learn about the mandate, the business case, and the executive action plan to jump start an application security program.

Reducing messaging and web security costs with managed services

In this white paper, learn how security costs can be reduced by utilizing managed security services.

Avoiding 7 common mistakes of IT security compliance

This guide covers seven typical IT security compliance errors and outlines the best practices you can immediately apply to your environment to help your company achieve compliance.

Certify your software integrity with Thawte code signing certificates

This guide will show you how Code Signing Certificates are used to secure code that can be downloaded from the Internet. You will also learn how these certificates operate with different software platforms.

The future of SaaS and IT infrastructure management

This report describes the results of a research project designed to explore the current and planned use of IT Infrastructure Management Solutions in North American companies

Search more Resources

Top stories

Webcast: Jumpstart your Application Security initiatives

Don’t Miss

Feds: Hospital hacker's 'massive' DDoS averted

Arrest foils 'Devil's Day' scheme

Buggy 'smart meters' open door to power-grid botnet

Grid-burrowing worm only the beginning

Microsoft knew of nasty IE bug a year before attacks

Security delayed or security denied?

BlockMaster SafeStick hardware-encrypted USB drive

Review Tough enough?