RE: [lists] [Full-Disclosure] Novell/Ximian Evolution multiple text attachmentsDoS

> > I just wanted to inform users of Ximian Evolution 2.0 
> > software that there exists a way to temporarily DoS the local 
> > application and/or machine by attaching an absurd amount of 
> > .ezm files to a normal email.
> <snip>
>
> It seems to me that it would take an attacker more time to create this
> remote DoS than it would cause the victim in lost time. IMHO Outlook Express
> would be a much less time consuming vector.

Not sure about the latter, but the flexibility of a good Linux system
should allow you attach some hundred files in one email in a matter of
seconds. Unfortunately, the cognitive notation of being absurd is site-
and user/sender-specific and sometimes already applies to a single email
with a few lines of text only (or email in general...). 

Evolution - just as everything else in the Open Source world, is subject
to permanent development, improvement and evolution. Its advantage of
being Open Source lies in the property of being able to adopt very
quickly to the permanently changing internet culture and the habits and
customs of its users. Therefore, it should be expected that nasty but not 
very serious issues like this will be handled just right in the future.

Thanks,
Roman.
-- 
 -                                                                      -
| Roman Drahtmüller      <draht@suse.de> // "You don't need eyes to see, |
  Security Architect    Phone:          //             you need vision!"
| Novell - SUSE Linux   +49-911-740530 //           Maxi Jazz, Faithless |
 -                                                                      -

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html