[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [lists] [Full-Disclosure] Novell/Ximian Evolution multiple text attachmentsDoS

To: "'Kristian Hermansen'" <khermansen@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [lists] [Full-Disclosure] Novell/Ximian Evolution multiple text attachmentsDoS
From: "Curt Purdy" <purdy@xxxxxxxxxx>
Date: Sat, 26 Feb 2005 07:34:02 -0600

Kristian Hermansen wrote:
> I just wanted to inform users of Ximian Evolution 2.0 
> software that there exists a way to temporarily DoS the local 
> application and/or machine by attaching an absurd amount of 
> .ezm files to a normal email.
<snip>

It seems to me that it would take an attacker more time to create this
remote DoS than it would cause the victim in lost time. IMHO Outlook Express
would be a much less time consuming vector.

Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA 
Information Security Engineer 
DP Solutions 

-----------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [lists] [Full-Disclosure] Novell/Ximian Evolution multiple text attachmentsDoS
  - From: Roman Drahtmueller

References:
- [Full-Disclosure] Novell/Ximian Evolution multiple text attachments DoS
  - From: Kristian Hermansen

Prev by Date: RE: [lists] RE: [Full-Disclosure] Awake a modem with AT commands
Next by Date: RE: [lists] [Full-Disclosure] Novell/Ximian Evolution multiple text attachmentsDoS
Previous by thread: [Full-Disclosure] Novell/Ximian Evolution multiple text attachments DoS
Next by thread: RE: [lists] [Full-Disclosure] Novell/Ximian Evolution multiple text attachmentsDoS
Index(es):
- Date
- Thread