Specifications
SAFER – Vol. 3, Issue 6 17 © 2000 The Relay Group
Seattle Lab Emurl 2.0 Email Account Access Vulnerability
Released May 15, 2000
Affects Seattle Lab Software Emurl 2.0
Reference http://www.securityfocus.com/bid/1203
Problem
- Emurl software creates a unique identifier for each user, based on their account name. This
identifier is encoded using the ASCII value of each character in the account name and augmented
by its position.
- By using a specific URL along with a user's identifier, it is possible to retrieve that user's e-mail as
well as view and change their account settings.
SAFER
- Seattle Lab is aware of the issue and will address it in their next version of Emurl.
Qualcomm Eudora Pro Long Filename Attachment Vulnerability
Released May 15, 2000
Affects Qualcomm Eudora 4.3, 4.2, Eudora Light 3.0, Eudora Pro 1.0
Reference http://www.securityfocus.com/bid/1210
Problem
- Eudora improperly handles filenames of files attached in e-mails. An exceedingly long filename
can result in a buffer overflow condition when the program processes the attachment and tries to
save the temporary file.
- In Eudora, e-mail is processed while mail is being downloaded from the server, so the buffer
overflow occurs when the message is processed from the spool directory. This can even lock the
e-mail account of the Eudora user. Attacker-supplied data makes it into EIP, so execution of
arbitrary remote code is a possibility.
SAFER
- Deleting the offending file from the attachment directory under a DOS prompt reportedly allows
Eudora to regain functionality.
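The bounds check that prevents this class of overflow when an attachment filename from a message is joined to a save directory, shown as an added example (not Eudora's code and not part of the original bulletin). The function name, the 260-byte buffer size and the sample filenames are assumptions; the bulletin does not show how Eudora builds the temporary file path.

```c
#include <stdio.h>
#include <string.h>

#define ATTACH_PATH_MAX 260  /* assumed destination buffer size */

/* Hypothetical helper: build "<dir>\<name>" for an attachment whose name
 * comes from an untrusted message. Returns 0 on success, -1 if rejected. */
int build_attachment_path(const char *dir, const char *name,
                          char *out, size_t outsz)
{
    const char *base = name, *p;
    int n;

    if (dir == NULL || name == NULL || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';

    /* Keep only the final path component so the name cannot leave dir. */
    for (p = name; *p != '\0'; p++)
        if (*p == '/' || *p == '\\' || *p == ':')
            base = p + 1;
    if (*base == '\0' || strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return -1;

    /* snprintf never writes past outsz; a return value >= outsz means the
     * result did not fit, and it is rejected rather than used truncated. */
    n = snprintf(out, outsz, "%s\\%s", dir, base);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[ATTACH_PATH_MAX];
    char longname[1024];   /* constructed sample: 1023-byte filename */

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("normal: %d\n", build_attachment_path("C:\\attach", "report.doc", path, sizeof path));
    printf("long:   %d\n", build_attachment_path("C:\\attach", longname, path, sizeof path));
    return 0;
}
```

An overlong name is refused before anything is written to the destination buffer, so the caller can skip or rename the attachment instead of corrupting memory.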
CGI Counter Input Validation Vulnerability
Released May 15, 2000
Affects CGI Counter 4.0.7, 4.0.2
Reference http://www.securityfocus.com/bid/1202
Problem
- Because the code that handles user input in George Burgyan's CGI Counter does not check that
input, remote execution of arbitrary commands at the same privilege level as the web server it is
running on is possible.
SAFER
- Use another counter program or script.
Microsoft Active Movie Control Filetype Vulnerability
Released May 13, 2000
Affects Microsoft Active Movie Control 1.0
Reference http://www.securityfocus.com/bid/1221
Problem
- The Microsoft Active Movie Control (a multimedia ActiveX control) will download files of any type
specified in the control parameters in an HTML document, regardless of whether or not they are a
valid media type.
- A hostile website, HTML email or HTML newsgroup post could therefore write executables and
other potentially harmful content to target machines, which will be stored with their known
filenames in the default Windows Temp directory.
- This vulnerability could be used in conjunction with other exploits to run arbitrary code on the
target machine(s).
SAFER
- Disable Active Scripting.