If already published, already fix it, too much old infomation, please send trash box :-) #At least 2.0v2 is not fixed if Apple does't tell a lie. --------------------------------------------------------------------- Claris Emailer buffer over flow vulnerabirity Problem first discoverd:2000.7.26 Discoverd by: awacs@hawkeye Published: 2001.10.19 --------------------------------------------------------------------- Description: Claris Emailer is mail client for Macintosh. Development is already finished and maybe maintenance is not done. This mail client have problem about enveloved file name handling, buffer overflow occers when handle long file name. When this client recieved mail, this save it in temporary folder, and interpret file , do necessary process. Therefore, once evil mail recieved, user gets impossible to use software so that a similer problem occers again. If user want to use after problem, (s)he deletes or revise evil mail on temprary folder. If evil person know how to execute evil program on MacOS, (s)he may be able to execute arbitary code on victim. Tested version : Claris Emailer-J 2.0v1 Not tested other version, so it may be a problem only of Japanese version. Solution: Change new and more safely mail client. Disclimer: You will copy, distribute and publish this content,so long as you change nothing. _________________________________________________________________
This archive was generated by hypermail 2b30 : Fri Oct 19 2001 - 15:57:04 PDT