|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Becky! Internet Mail Buffer overflow
From: Nobuo Miwa (n-miwa
LAC.CO.JP)Date: Fri Aug 18 2000 - 20:44:35 CDT
- Next message: deepquestNETSCAPE.NET: "orifice patched by netscape 4.75"
- Previous message: Thomas Biege: "Re: xlock vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
There were some Buffer overflow vulneravilities in
Beckey! Internet Mail software.
http://www.rimarts.co.jp/index.html
I contacted author and got fix versions.
How:
The problem is Content-Type: header.
Becky! copies Content-Type: value to Becky-char:
header when I reply or forward it to someone.
But if Content-Type: header's value was over 4500
characters, its buffer is overflowed.
Content-Type: text/plain; charset=aaaaaaa...
Its malicious header won't be noticed by users.
Version:
Becky! Internet Mail ver 1.26.03
Fixed version:
Becky! Internet Mail ver 1.26.04
(for "Reply" bug)
Becky! Internet Mail ver 1.26.05
(for "Forward" bug)
<Nobuo Miwa> n-miwalac.co.jp ( ) Team SNS (Secure Net Service)
----------------------------o00o--(. .)--o00o--------------------------
http://www.lac.co.jp/security/
- Next message: deepquestNETSCAPE.NET: "orifice patched by netscape 4.75"
- Previous message: Thomas Biege: "Re: xlock vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]