SNS Advisory No.26

Becky! Internet Mail 2.00.05 Buffer Overflow Vulnerability

Problem first discovered: 10 May 2001
Published: 14 May 2001
Last Updated: 14 May 2001
_________________________________________________________________

Overview:

SNS Team has found a buffer overflow vulnerability in Becky! Internet Mail 2.00.05.

Problem Description:

Becky! Internet Mail is a popular MUA (Mail User Agent) designed for Windows operating systems.

If a message contains more than 65536 bytes without newline characters, a buffer overflows. A buffer overflow also occurs when the user attempts to reply to or forward a message containing more than 8188 bytes without newline characters. Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary commands.

SNS Team has made a tool that sends the full contents of the "Inbox" (e-mail messages stored as text files) to an outside FTP server. The tool creates an e-mail message containing an unusually long run of characters without line breaks and shell code. When the user attempts to reply to or forward the message, the buffer overflows and an arbitrary command is executed.

Fig1: Tool
Fig2: Example of issue (top of the message)
Fig3: Example of issue (bottom of the message: shell code is embedded)
Fig4: Result on replying to the message (contents of Inbox are transferred to a malicious FTP server)

Tested Version:

Becky! Internet Mail ver 2.00.05
Becky! Internet Mail ver 2.00.03

Status of fixes:

Due to a prompt response by the author, the fixed version, 2.00.06, has been published.
http://www.rimarts.co.jp/becky.htm

Becky! Internet Mail Official Site:
http://www.rimarts.co.jp/index.html

Disclaimer:

All information in these advisories is subject to change without advance notice or mutual consensus, and each advisory is released as is. LAC Co.,Ltd. is not responsible for any risks arising from applying this information.
_________________________________________________________________

Copyright(c) 1995-2002 Little eArth Corporation
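The two lengths in the Problem Description can be checked for at a mail gateway or during mailbox triage. The following is an added example, not part of the original advisory and not the SNS Team tool: a streaming scanner that tracks the longest run of bytes without a line break and compares it with 8188 and 65536. All names are hypothetical, and treating both CR and LF as "newline characters" is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Lengths from the advisory: runs longer than these trigger the overflow. */
#define REPLY_FORWARD_LIMIT 8188u   /* on reply or forward */
#define MESSAGE_LIMIT       65536u  /* in the message itself */

enum risk { RISK_NONE, RISK_REPLY_FORWARD, RISK_MESSAGE };

/* Streaming state: mail arrives in chunks, so a run can span buffers. */
struct run_scanner { size_t current;    /* bytes since the last CR or LF */
                     size_t longest; }; /* longest such run so far */

void scanner_feed(struct run_scanner *s, const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '\r' || buf[i] == '\n') s->current = 0;
        else if (++s->current > s->longest) s->longest = s->current;
    }
}

enum risk scanner_classify(const struct run_scanner *s) {
    if (s->longest > MESSAGE_LIMIT) return RISK_MESSAGE;
    if (s->longest > REPLY_FORWARD_LIMIT) return RISK_REPLY_FORWARD;
    return RISK_NONE;
}

/* Constructed sample: short header, then `total` filler bytes fed in pieces. */
enum risk classify_constructed(size_t total, size_t chunk) {
    static unsigned char filler[4096];
    static const char hdr[] = "Subject: constructed sample\r\n\r\n";
    struct run_scanner s = {0, 0};
    if (chunk == 0 || chunk > sizeof filler) chunk = sizeof filler;
    memset(filler, 'A', sizeof filler);
    scanner_feed(&s, (const unsigned char *)hdr, sizeof hdr - 1);
    for (size_t n; total > 0; total -= n) {
        n = total < chunk ? total : chunk;
        scanner_feed(&s, filler, n);
    }
    return scanner_classify(&s);
}

int main(void) {
    printf("8188 -> %d\n8189 -> %d\n65537 -> %d\n", (int)classify_constructed(8188, 1000),
           (int)classify_constructed(8189, 1000), (int)classify_constructed(65537, 4096));
    return 0;
}
```

A message flagged by this check is only a candidate for review; the remedy the advisory gives is the fixed version 2.00.06.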