From: "Siddik, Syaefullah" <[EMAIL PROTECTED]>

FYI.. for those who use The Bat.. :)

Dike

The Bat! <cr> Bug
------------------------------------------------------------------------

SUMMARY

The Bat! <http://www.ritlabs.com/the_bat/> is a very convenient, commercially available MUA for Windows. A security vulnerability in the product allows remote attackers to cause a DoS against the product, and to return to the user a crafted message.

DETAILS

While retrieving (using the RETR command) a message via POP3, The Bat! incorrectly processes a 0x0D (CR) character when it is not followed by a 0x0A (LF). The bug causes The Bat! to fail to receive any other message. This would lead to a denial of service attack against the user's POP3 account. Further, a malformed message can emulate any POP3 server reply, thus misleading the user about the true nature of the problem.

Exploit:
http://www.security.nnov.ru/files/badmess.zip

Extract the "badmessage" file (see the above URL) and send it, e.g. using

    cat badmessage | sendmail -U [EMAIL PROTECTED]

Alternatively, copy it to the user's mailbox. The message will cause The Bat! to show something like:

    !13.04.2001, 17:51:01: FETCH - Server reports error. The response is: --ERR Wrong User: replace user with your system administrator--

Workaround:
Use the "Dispatch Mail on Server" feature to delete the malformed message from the server, or use a different MUA.

Vendor:
RitLabs was contacted on April 13.

ADDITIONAL INFORMATION

The information has been provided by <mailto:[EMAIL PROTECTED]> 3APA3A.

--
Compu-Mania MailingList, provided by PT Centrin Online Tbk
Unsubscribe: [EMAIL PROTECTED], body: unsubscribe Compu-Mania
Archive: http://www.mail-archive.com/[email protected]/
Info: [EMAIL PROTECTED], body: help
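Added example, not part of the forwarded advisory and not RitLabs code: a mail-store check for the condition described under DETAILS, a CR (0x0D) not followed by LF (0x0A), which also reports any text after such a CR that resembles a POP3 "+OK"/"-ERR" status line. The function names and the sample message are constructed for illustration.

```python
import re

# A CR (0x0D) that is not immediately followed by LF (0x0A).
BARE_CR = re.compile(rb"\r(?!\n)")
# Text directly after a bare CR that looks like a POP3 status indicator.
FAKE_STATUS = re.compile(rb"\r(?!\n)([+-](?:OK|ERR)\b[^\r\n]*)")


def find_bare_cr(raw: bytes) -> list:
    """Byte offsets of every CR that is not part of a CRLF pair."""
    return [m.start() for m in BARE_CR.finditer(raw)]


def spoofed_status_lines(raw: bytes) -> list:
    """Text following a bare CR that resembles a '+OK' or '-ERR' reply."""
    return [m.group(1).decode("ascii", "replace")
            for m in FAKE_STATUS.finditer(raw)]


def normalize_line_endings(raw: bytes) -> bytes:
    """Rewrite bare CR and bare LF as CRLF; existing CRLF pairs are kept."""
    return re.sub(rb"\r\n|\r|\n", b"\r\n", raw)


def inspect(raw: bytes) -> dict:
    """Summarise one stored message for a quarantine decision."""
    offsets = find_bare_cr(raw)
    return {
        "bare_cr_offsets": offsets,
        "spoofed_status": spoofed_status_lines(raw),
        "quarantine": bool(offsets),
    }


# Constructed sample: one bare CR followed by reply-like text.
SAMPLE = (b"From: a@example.invalid\r\nSubject: constructed\r\n\r\n"
          b"line one\r-ERR constructed reply text\r\nline two\r\n")
# Constructed clean message that uses CRLF only.
CLEAN = b"Subject: constructed\r\n\r\nline one\r\nline two\r\n"

if __name__ == "__main__":
    for name, msg in (("sample", SAMPLE), ("clean", CLEAN)):
        print(name, inspect(msg))
```

After normalize_line_endings() no bare CR remains in the stored message; whether a given client then handles the message correctly still has to be tested against that client.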
