Becky! Internet Mail Buffer overflow

[Nobuo Miwa <n-miwa () LAC CO JP>]

Hi,

There were some Buffer overflow vulneravilities in
Beckey! Internet Mail software.
  http://www.rimarts.co.jp/index.html

I contacted author and got fix versions.

How:
The problem is Content-Type: header.
Becky! copies Content-Type: value to Becky-char:
header when I reply or forward it to someone.
But if Content-Type: header's value was over 4500
characters, its buffer is overflowed.
  Content-Type: text/plain; charset=aaaaaaa...
Its malicious header won't be noticed by users.

Version:
Becky! Internet Mail ver 1.26.03

Fixed version:
Becky! Internet Mail ver 1.26.04
  (for "Reply" bug)
Becky! Internet Mail ver 1.26.05
  (for "Forward" bug)


<Nobuo Miwa> n-miwa () lac co jp    ( @ @ )  Team SNS (Secure Net Service)
----------------------------o00o--(. .)--o00o--------------------------
http://www.lac.co.jp/security/