[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: Outlook denial of service
From: "Nicholas W. Blasgen" <nblasgen () REFRACT ! COM>
Date: 1999-06-28 21:52:34
[Download RAW message or body]
I tested it with Outlook 2000 with Windows 98 and had no problem.
Nicholas Blasgen
Refract Media
"The hard part was figuring out how to destroy the
physical universe. But I think we've solved that."
- Marcus Larry, 1999
> I've found a problem in qualcomm popper (and presumabley others) in that
it
> doesn't check for an existing X-UIDL: headers, but simpley uses it when
the
> client sends in a uidl request. This problem can manifest itself as an
> effective denial of service attack against microsoft outlook clients
> because outlook looks for unique uidl's for each message and if there
are
> duplicates it will hang prior to downloading any mail. I've put up a
small
> web site detailing the problem and some possible work arounds/fixes at
>
> http://getaclue.org/yoduh/outlook.html
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic