Bug Hunter Finds Security Hole in Eudora

From GICC, thanks Martin!

Bug Hunter Finds Security Hole in Eudora

April 28, 2000, InternetNews - Product News Archives. By Thor Olavsrud

Qualcomm Inc. has uncovered a potentially dangerous security vulnerability in its Eudora e-mail program that could open a door for hackers to run code on another person's computer.

The weakness was discovered by Bennett Haselton, a Webmaster for Peacefire.org, who notified Qualcomm (QCOM) of his discovery. Haselton, a bug hunter and anticontent-filtering advocate, designed an exploit demonstrating that a hacker can circumvent Eudora's warning about running untrusted code on a computer. Eudora, and similar e-mail applications, usually presents a warning before it will run an executable file attached to an e-mail message.

Haselton's exploit, fully explained here, looks like an ordinary plain-text message containing a hyperlink. The hyperlink could point to an innocuous-looking URL. In Eudora, however, a hacker can format the hyperlink so it appears to point to one place but really leads somewhere else. When the user clicks on the hyperlink, it launches a Windows shortcut file (.lnk). The .lnk file is attached to an executable (.exe) file which it causes to run when launched. The .lnk and .exe files are hidden using simple HTML code. By using the .lnk file to run the .exe file, the exploit bypasses Eudora's warning system.

Qualcomm said its next iteration of Eudora for Windows, version 4.3.2, will correct the flaw, though that version is still "weeks away."

Meanwhile, Eudora users can fix the problem themselves by editing the Eudora.ini file to add the following line: WarnLaunchExtensions=exe|com|bat|cmd|pif|htm|do|xl|reg|lnk to their "[Settings]" section (the default is to warn for all these extensions except the .lnk).


-- Martin Thompson (mthom1927@aol.com), April 30, 2000

-- Flash (flash@flash.hq), April 30, 2000
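The Eudora.ini workaround quoted in the article above, as an added example (not part of the original thread and not Qualcomm's code): a Python function that takes the text of an Eudora.ini and makes sure `WarnLaunchExtensions` in `[Settings]` covers every extension the article lists, including `lnk`. It assumes section and key names are case-insensitive and that a missing key means the default the article describes; the sample file content is constructed.

```python
# Added example, not code from the article or from Qualcomm.
REQUIRED = "exe|com|bat|cmd|pif|htm|do|xl|reg|lnk".split("|")  # list from the article
KEY = "WarnLaunchExtensions"

def harden_ini(text):
    """Return (new_text, added): new_text warns for every REQUIRED extension."""
    eol = "\r\n" if "\r\n" in text else "\n"   # keep the file's line endings
    lines = text.splitlines()
    section = settings_at = key_at = None
    for i, raw in enumerate(lines):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()   # assumption: names are case-insensitive
            if section == "settings" and settings_at is None:
                settings_at = i
        elif section == "settings" and "=" in line:
            if line.partition("=")[0].strip().lower() == KEY.lower():
                key_at = i
    if key_at is None:
        # Key absent: per the article, the default warns for all but .lnk
        current = [e for e in REQUIRED if e != "lnk"]
    else:
        value = lines[key_at].partition("=")[2]
        current = [e.strip().lower() for e in value.split("|") if e.strip()]
    added = [e for e in REQUIRED if e not in current]
    if not added:
        return text, []                  # already covers every extension
    new_line = KEY + "=" + "|".join(current + added)
    if key_at is not None:
        lines[key_at] = new_line         # extend the existing list in place
    elif settings_at is not None:
        lines.insert(settings_at + 1, new_line)
    else:
        lines += ["[Settings]", new_line]
    return eol.join(lines) + eol, added

# Constructed sample: an Eudora.ini with no WarnLaunchExtensions line.
SAMPLE = "[Settings]\r\nRealName=Example User\r\n[Mappings]\r\nin=txt\r\n"

if __name__ == "__main__":
    patched, added = harden_ini(SAMPLE)
    print("added:", added)
    print(patched)
```

An existing list is extended rather than replaced, so extensions a user added beyond the article's list are kept.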


Thanks Flash,

I'm going to send this to my onelist group. There are a LOT of professionals that use Eudora, and need to know this. Good catch!

-- (Interst@te 17 .North), May 01, 2000.

Hi Interst,

Glad you found it helpful. I use Eudora myself, so it caught my "twinkling eye".

Are you one of the many who I "flash" past when I go up and down I-17? I have a red Porsche 911-T (1973 vintage). Actually I pretty much behave myself behind the wheel nowadays, although it's occasionally fun to dust off some jerk who doesn't want to let me merge by treating them to a puff of blue/gray smoke as I leave them in the dust.

-- Flash (flash@flash.hq), May 01, 2000.

So you're the guy who keeps getting too close to my rump! Back off, Jack!


I'm the lady who drives the clunker that can't hardly make it up the hill outside of Black Canyon City. Until you buy me a new car, quit your complainin'!

-- (Interstate @ 17. North), May 01, 2000.
