COMMAND

    Eudora

SYSTEMS AFFECTED

    Eudora mail client

PROBLEM

    I will cover a few Eudora client vulnerabilities here. Troy Ablan
    posted the following. At least some versions of Eudora Light prior
    to 3.0.5 return a Divide by Zero error and immediately close when
    trying to pop a message that has a ctime of 0 (read as Dec 31 1969
    19:00 EST (-0500)). This corrupts the .mbx file, and both the
    message on the pop server and the .mbx file must be manually
    removed (or hacked) in order to proceed.

    Chris Owen added the following. With versions up to at least
    3.0.3, setting the clock forward 100 years will cause a
    segmentation fault in Eudora when sending mail.

    According  to  Alan  Brown,  Eudora  will  also die horribly if it
    receives any mail dated prior to Jan 1, 1970.

SOLUTION

    John Hardin has  just updated his  procmail "kit" to  shorten long
    file  names  on  MIME  attachments.  This should prevent potential
    exploits  in  mail  clients  such  as  Outlook,  Outlook  Express,
    Netscape Mail, and  possibly Eudora.   John's procmail filter  kit
    can be found at:

        http://www.wolfenet.com/~jhardin/procmail-kit.html

    You can view his  "recipe" for solving the  problem at the end  of
    the file:

        http://www.wolfenet.com/~jhardin/html-trap.procmail
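
    The date-triggered crashes listed under PROBLEM can be screened
    for before a message reaches the client. The Python below is an
    added example, not part of John Hardin's kit or the original
    reports; it classifies a message's Date header so a delivery
    filter can hold mail dated at or before Jan 1 1970 UTC. The
    far-future check, the two-day tolerance and all names are
    assumptions, and the sample messages are constructed.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)   # ctime 0
MAX_FUTURE = timedelta(days=2)   # assumed tolerance for sender clock skew

def classify_date(raw_message, now=None):
    """Return 'ok', 'missing', 'unparseable', 'epoch-or-earlier' or 'future'."""
    now = now or datetime.now(timezone.utc)
    value = message_from_string(raw_message).get("Date")
    if value is None:
        return "missing"
    try:
        when = parsedate_to_datetime(str(value))
    except (TypeError, ValueError):   # exception type varies by Python version
        return "unparseable"
    if when.tzinfo is None:           # "-0000" zone parses as naive: treat as UTC
        when = when.replace(tzinfo=timezone.utc)
    if when <= EPOCH:                 # ctime of 0, or anything dated before 1970
        return "epoch-or-earlier"
    if when > now + MAX_FUTURE:       # added generalization: implausible future date
        return "future"
    return "ok"

def _msg(date_line):
    # Build a minimal RFC 822 message around an optional Date header line.
    return date_line + "From: a@example.invalid\nSubject: test\n\nbody\n"

# Constructed sample messages (not taken from the original reports).
SAMPLES = {
    "ctime0":  _msg("Date: Wed, 31 Dec 1969 19:00:00 -0500\n"),
    "pre1970": _msg("Date: Mon, 01 Jan 1968 00:00:00 +0000\n"),
    "future":  _msg("Date: 01 Jun 2099 12:00:00 +0000\n"),
    "normal":  _msg("Date: Tue, 01 Jun 1999 12:00:00 +0000\n"),
    "garbled": _msg("Date: not a date\n"),
    "nodate":  _msg(""),
}

if __name__ == "__main__":
    fixed_now = datetime(1999, 6, 2, tzinfo=timezone.utc)
    for name, raw in SAMPLES.items():
        print(name, classify_date(raw, fixed_now))
```

    Anything other than "ok" is a candidate for quarantine rather
    than delivery to the user's POP mailbox.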