SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   The Bat! Vendors:   RIT Research Labs
(Vendor Disputes Vulnerability) Re: RitLab's The Bat! E-Mail Client Allows a User's E-Mail to Be Made Unretrievable When Downloading a Specifically Formatted E-Mail Message
SecurityTracker Alert ID:  1001398
SecurityTracker URL:  http://securitytracker.com/id/1001398
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 23 2001
Impact:   Denial of service via network

Version(s): 1.51
Description:   SECURITY.NNOV reports that there is a vulnerability in The Bat! e-mail client that allows a remote user to send mail to a vulnerable e-mail client causing the client to be unable to retrieve further messages when the e-mail is retrieved.

The vendor disputes the claim of a vulnerability. The vendor's statement follows:

"This is not a bug of The Bat! but a bug of MTA (POP3/SMTP servers) that allow such odd messages. The proposed "bad-message" (http://www.security.nnov.ru/files/badmess.zip) is not RFC-compliant. Any RFC-compliant POP3/SMTP server must either bounce or cure it. I've used a proposed example to send the message to myself, on a FreeBSD server with Sendmail 8.11.1 I've typed:

cat badmess | sendmail -U max@ritlabs.com

This message has been received by a KSI-Linux server with sendmail 8.8.8 and the POP3 to retrieve was Marc Crispin's daemon v2000.69.

The message has been received with orphaned LF's replaced to CR-LF pairs. Some MTA software in transit has cured the message.

The Bat! could bounce such odd messages but it doesn't do it intentionally because there are some odd mailserver that use single LF as a line endings. These servers, however, will quote the dot in the end of line and the proposed "bad-message" won't work with them either.

...und eine weitere kurz hinterher:

I however made The Bat! to handle CR and LF that strictly to avoid this vulnerability."

Impact:   A remote user can send mail to a vulnerable e-mail client causing the client to be unable to retrieve further messages when the e-mail is retrieved.
Solution:   Please note that the vendor disputes the claim of a vulnerability. See the source message or the description for the vendor's statement.
Vendor URL:  www.ritlabs.com/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 20 2001 RitLab's The Bat! E-Mail Client Allows a User's E-Mail to Be Made Unretrievable When Downloading a Specifically Formatted E-Mail Message



 Source Message Contents

Subject:  Re: SECURITY.NNOV: The Bat! <cr> bug


This is a forwarded message
From: Bat Registrierservice <bathelp@is-web.com>
To: GardenStone@boudicca.de <GardenStone@boudicca.de>
Date: Saturday, April 21, 2001, 5:34:36 PM
Subject: The Bat! - Fehlermeldung [BUG-F8FEFAE1]

===8<==============Original message text===============
____________________________________________________________________
Nachricht vom : Freitag, 20. April 2001 <11:21>
zum Thema     : The Bat! - Fehlermeldung [BUG-F8FEFAE1]
Bearbeitung: dhu  <21.04.2001 - 17:32>  Dieter Hummel
Status: done5e
____________________________________________________________________

Antwort von Ritlabs:

  This is not a bug of The Bat! but a bug of MTA (POP3/SMTP servers)
  that allow such odd messages. The proposed "bad-message"
  (http://www.security.nnov.ru/files/badmess.zip) is not
  RFC-compliant. Any RFC-compliant POP3/SMTP server must either bounce
  or cure it. I've used a proposed example to send the message to
  myself, on a FreeBSD server with Sendmail 8.11.1 I've typed
  cat badmess | sendmail -U max@ritlabs.com

  This message has been received by a KSI-Linux server with sendmail
  8.8.8 and the POP3 to retrieve was Marc Crispin's daemon v2000.69.

  The message has been received with orphaned LF's replaced to CR-LF
  pairs. Some MTA software in transit has cured the message.

  The Bat! could bounce such odd messages but it doesn't do it
  intentionally because there are some odd mailserver that use single
  LF as a line endings. These servers, however, will quote the dot in
  the end of line and the proposed "bad-message" won't work with them
  either.

 ...und eine weitere kurz hinterher:

  I however made The Bat! to handle CR and LF that strictly to avoid
  this vulnerability.


| Abonnieren   Sie   jetzt   gleich   kostenlos  und  unverbindlich  die  |
|        'Offizielle deutschsprachige The Bat! Diskussionsliste'          |
| thebat-dt-subscribe@yahoogroups.com   und   profitieren  Sie  von  der  |
|                                                                         |
| Sie   sind  mit  The  Bat!  noch  nicht  vertraut  oder  zieren  sich,  |
| vermeintlich  'dumme'  Fragen  zu  stellen?  Dann  ist  die 'Beginner'  |
| unter thebat-dt-beginner-subscribe@yahoogroups.com und fragen Sie, was  |
| Sie bisher vielleicht nicht wagten...                                   |



Integrated Services GbR
Autorisierter The Bat! Registrier- und Supportservice

--

Online Registrierung : http://www.register-me.de/the_bat/register.html
Hilfedatei v1.5.0    : http://www.BatMail.de

             Integrated Services e.K. | Web-Design  Web-Hosting
                       Fon + Fax: +49.721.151248335
                 Email: sales@is-web.com | dhu@is-web.com
                 The Bat! v1.52 Beta/9 mod [2E7F60DA]

++ Outgoing mail with possible attachment is found to be virus free ++
   Checked by AVP, using database update from 04-18-2001

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC