Home page logo
/

bugtraq logo Bugtraq mailing list archives

Becky! 2.00.05 Buffer Overflow
From: Ichinose Sayo <ichinose () lac co jp>
Date: Mon, 14 May 2001 17:01:31 +0900

Hi,
I found Buffer Overflow vulnerabilities in Becky! Internet Mail 2.00.05

Becky! Internet Mail is popular MUA (Mail User Agent) designed for 
Windows operating systems.

Problem Description
-------------------
If the message includes over 65536 bytes without new line characters, 
the buffer will be overflowed.

Buffer overflow also occurs when attempt to reply or forward to the 
message included over 8188 bytes without new line characters.

Successful exploitation of this vulnerability could allow remote 
attackers to execute arbitrary commands.

Tested Version:
----------------
Becky! Internet Mail ver 2.00.05
Becky! Internet Mail ver 2.00.03

Status of fixes: 
-----------------
Due to prompt response by the author, the version 2.00.06, which was 
fixed this problem, was published.

http://www.rimarts.co.jp/becky.htm

Web site that shows reproducing this vulnerability is available from:
http://www.lac.co.jp/security/english/test/becky2.html

Becky! Internet Mail Official Site:
------------------------------------
http://www.rimarts.co.jp/index.html


----
Sayo Ichinose<ichinose () lac co jp>
Computer Security Laboratory
LAC Co.,Ltd.
http://www.lac.co.jp/security/


  By Date           By Thread  

Current thread:
  • Becky! 2.00.05 Buffer Overflow Ichinose Sayo (May 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]