[1][USEMAP:frame_r1_c1.gif]   [frame_r1_c3.gif]
   [2]Japanese
   
   SNS Advisory
   [title2_r1_c1.gif]
   
   [3][GoIndex.gif] [4][GoBack.gif] 
   
                                     15
                                      
   [5][GoNext.gif] [6]Japanese Edition
   
   SNS Advisory No.15
   Becky! Internet Mail 1.26.03 Buffer Overflow 
   Problem first discovered: 15 Aug 2000
   Published: 18 Aug 2000
   Last Updated: 18 Aug 2000
     _________________________________________________________________
   
   Overview:
   A buffer overflow vulnerability was found in Becky! Internet Mail
   1.26.03.
   
   Problem Description: 
   
   Becky! Internet Mail is popular MUA (Mail User Agent) designed for
   Windows operating systems.
   
   The problem exist in Content-Type: header. Becky! copies the value of
   Content-Type: to Becky-char: header when it is replied or forwarded to
   someone. But if the Content-Type: header's value is over 4,500
   charactors, the buffer will overflow.
                                      
   Successful exploitation of this vulnerability could allow remote
   attackers to send e-mail including malicious header without being
   noticed by users.
                                      
   Example of Issue: 
                                      
   Date: Tue, 15 Aug 2000 10:33:22 +0900
   From: ichinose@lac.co.jp
   To: ichinose@lac.co.jp
   Subject: TEST
   MIME-Version: 1.0
   Content-Type: text/plain; charset=aaa(about 4,500 charactors)aaaa
   I've seen at all.
   
                                 [15_1.gif]
   
                            Fig1: Error Message
   
   Status of fixes: 
   
   Due to prompt response by the author, the fixed version 1.26.05, has
   been released.
   
   [7]http://www.rimarts.co.jp/becky.htm
   
     Becky! Internet Mail Official Site:
     
     [8]http://www.rimarts.co.jp/index.html
     
     
     
     Disclaimer:
     
     All information in these advisories are subject to change without
     any advanced notices neither mutual consensus, and each of them is
     released as it is. LAC Co.,Ltd. is not responsible for any risks of
     occurrences caused by applying those information.
     _________________________________________________________________
   
     Copyright(c) 1995-2002 Little eArth Corporation

References

   1. LYNXIMGMAP:http://www.lac.co.jp/security/english/snsadv_e/15_e.html#r1_c1Map
   2. http://www.lac.co.jp/security/index.html
   3. http://www.lac.co.jp/security/english/snsadv_e/index.html
   4. http://www.lac.co.jp/security/english/snsadv_e/14_e.html
   5. http://www.lac.co.jp/security/english/snsadv_e/16_e.html
   6. http://www.lac.co.jp/security/intelligence/SNSAdvisory/15.html
   7. http://www.rimarts.co.jp/becky.htm
   8. http://www.rimarts.co.jp/index.html