Subject: Becky! Internet Mail Buffer overflow
From: Nobuo Miwa (n-miwaLAC.CO.JP)
Date: Fri Aug 18 2000 - 20:44:35 CDT


Hi,

There were some Buffer overflow vulnerabilities in
Becky! Internet Mail software.
  http://www.rimarts.co.jp/index.html

I contacted the author and got fixed versions.

How:
The problem is Content-Type: header.
Becky! copies Content-Type: value to Becky-char:
header when I reply or forward it to someone.
But if Content-Type: header's value was over 4500
characters, its buffer is overflowed.
  Content-Type: text/plain; charset=aaaaaaa...
Its malicious header won't be noticed by users.

Version:
Becky! Internet Mail ver 1.26.03

Fixed version:
Becky! Internet Mail ver 1.26.04
  (for "Reply" bug)
Becky! Internet Mail ver 1.26.05
  (for "Forward" bug)

<Nobuo Miwa> n-miwalac.co.jp ( ) Team SNS (Secure Net Service)
----------------------------o00o--(. .)--o00o--------------------------
http://www.lac.co.jp/security/
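
The following is an added example, not part of the original advisory or of Becky!'s code: a mail-gateway style check that measures every Content-Type value after unfolding and flags oversized ones, so a value split across short folded lines is still caught. It goes beyond the advisory by also checking nested MIME parts. The function names, POLICY_LIMIT and the sample messages are assumptions constructed for illustration; only the 4500-character figure comes from the advisory.

```python
import email
import re

ADVISORY_LIMIT = 4500  # from the advisory: values over 4500 characters overflowed
POLICY_LIMIT = 256     # assumed gateway policy; real Content-Type values are far shorter


def content_type_lengths(raw: bytes):
    """Return (part_index, unfolded_length) for every Content-Type header,
    including those on nested MIME parts."""
    msg = email.message_from_bytes(raw)  # default policy keeps the raw folded value
    found = []
    for idx, part in enumerate(msg.walk()):
        for value in part.get_all("Content-Type", []):
            # Unfold: drop the line breaks, keep the continuation whitespace.
            unfolded = re.sub(r"[\r\n]", "", str(value))
            found.append((idx, len(unfolded)))
    return found


def flag_oversized(raw: bytes, limit: int = POLICY_LIMIT):
    """Return only the Content-Type headers whose unfolded value exceeds limit."""
    return [(i, n) for i, n in content_type_lengths(raw) if n > limit]


def build(content_type: str) -> bytes:
    """Build a constructed sample message with the given Content-Type value."""
    return ("From: sender@example.com\r\n"
            "Subject: test\r\n"
            "Content-Type: " + content_type + "\r\n"
            "\r\n"
            "body\r\n").encode("ascii")


# Constructed samples (not captured traffic).
NORMAL = build("text/plain; charset=iso-2022-jp")
LONG = build("text/plain; charset=" + "a" * 5000)
# Same kind of value folded into 60 short continuation lines of 81 characters.
FOLDED = build("text/plain; charset=" + "".join("\r\n " + "a" * 80 for _ in range(60)))

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("long", LONG), ("folded", FOLDED)):
        print(name, flag_oversized(sample))
```

A per-line length check would pass the folded sample, since no physical line in it is longer than 81 bytes; measuring the unfolded value is what catches it.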