[1][USEMAP:frame_r1_c1.gif]   [frame_r1_c3.gif]
   [2]Japanese
   
   SNS Advisory
   [title2_r1_c1.gif]
   
   [3][GoIndex.gif] [4][GoBack.gif] 
   
                                     17
                                      
   [5][GoNext.gif] [6]Japanese Edition
   
   SNS Advisory No.17
   tsworks Buffer Overflow Vulnerability 
   Problem first discovered: 7 Sep 2000
   Published: 12 Sep 2000
   Last Updated: 12 Sep 2000
     _________________________________________________________________
   
   Overview:
   
   A buffer overflow vulnerability was found in tsworks.
   
   Problem Description:
   
   tsworks is MUA(Mail User Agent) for Windows 95/98/NT4.0/2000 that
   supports POP3/SMTP. Buffer Overflow occurs in tsworks when it receives
   an e-mail message with a "Subject" header containing about 500
   characters, and temporary storing for replying or forwarding.
   
   Successful exploitation of this vulnerability could lead to further
   compromises of the victim's security such as embedding viruses or
   backdoors, the disclosure of sensitive files and corrupting the disk.
   
                                 [17_1.gif]
   
     Fig1: receiving e-mail(from bowbow@lac.co.jp to n-miwa@lac.co.jp,
                          exploitable@lac.co.jp )
   
                                 [17_2.gif]
   
           Fig2: replying e-mail and temporary storing [17_3.gif]
   
                                      
                      Fig3: Buffer Overflow condition
   
   Affected Version:
   
   tsworks Ver. 3.096
   
   Status of Fix:
   
   The problem was fixed in Ver.3.097
   
   Relevant URL:
   
   [7]http://www.hcs.fujitsu.com/tsworks/ (Japanese only)
   
     Disclaimer:
     
     All information in these advisories are subject to change without
     any advanced notices neither mutual consensus, and each of them is
     released as it is. LAC Co.,Ltd. is not responsible for any risks of
     occurrences caused by applying those information.
     _________________________________________________________________
   
     Copyright(c) 1995-2002 Little eArth Corporation

References

   1. LYNXIMGMAP:http://www.lac.co.jp/security/english/snsadv_e/17_e.html#r1_c1Map
   2. http://www.lac.co.jp/security/index.html
   3. http://www.lac.co.jp/security/english/snsadv_e/index.html
   4. http://www.lac.co.jp/security/english/snsadv_e/16_e.html
   5. http://www.lac.co.jp/security/english/snsadv_e/18_e.html
   6. http://www.lac.co.jp/security/intelligence/SNSAdvisory/17.html
   7. http://www.hcs.fujitsu.com/tsworks/