From: Ichinose Sayo (ichinoselac.co.jp)
Date: Mon May 14 2001 - 03:01:31 CDT

    Hi,
    I found buffer overflow vulnerabilities in Becky! Internet Mail 2.00.05.

    Becky! Internet Mail is a popular MUA (Mail User Agent) designed for
    Windows operating systems.

    Problem Description
    -------------------
    If the message includes over 65536 bytes without new line characters,
    the buffer will be overflowed.

    A buffer overflow also occurs when attempting to reply to or forward a
    message that includes over 8188 bytes without new line characters.

    Successful exploitation of this vulnerability could allow remote
    attackers to execute arbitrary commands.

    Tested Version:
    ----------------
    Becky! Internet Mail ver 2.00.05
    Becky! Internet Mail ver 2.00.03

    Status of fixes:
    -----------------
    Due to the prompt response by the author, version 2.00.06, which
    fixes this problem, has been published.

    http://www.rimarts.co.jp/becky.htm

    A web site that demonstrates reproducing this vulnerability is available from:
    http://www.lac.co.jp/security/english/test/becky2.html

    Becky! Internet Mail Official Site:
    ------------------------------------
    http://www.rimarts.co.jp/index.html

    ----
    Sayo Ichinose<ichinoselac.co.jp>
    Computer Security Laboratory
    LAC Co.,Ltd.
    http://www.lac.co.jp/security/