Bugtraq mailing list archives
Becky! Internet Mail Buffer overflow
From: Nobuo Miwa <n-miwa () LAC CO JP>
Date: Sat, 19 Aug 2000 10:44:35 +0900
Hi, There were some Buffer overflow vulneravilities in Beckey! Internet Mail software. http://www.rimarts.co.jp/index.html I contacted author and got fix versions. How: The problem is Content-Type: header. Becky! copies Content-Type: value to Becky-char: header when I reply or forward it to someone. But if Content-Type: header's value was over 4500 characters, its buffer is overflowed. Content-Type: text/plain; charset=aaaaaaa... Its malicious header won't be noticed by users. Version: Becky! Internet Mail ver 1.26.03 Fixed version: Becky! Internet Mail ver 1.26.04 (for "Reply" bug) Becky! Internet Mail ver 1.26.05 (for "Forward" bug) <Nobuo Miwa> n-miwa () lac co jp ( @ @ ) Team SNS (Secure Net Service) ----------------------------o00o--(. .)--o00o-------------------------- http://www.lac.co.jp/security/
Current thread:
- Becky! Internet Mail Buffer overflow Nobuo Miwa (Aug 18)