Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed.
Because The Bat! may incorrectly accept a carriage return as a carriage return/line feed pair, a valid RFC822 message containing isolated carriage returns may cause The Bat! to prematurely identify the end of a mail message. Subsequent lines in the body of the message may cause The Bat! to generate an error message. Since the email message was not successfully retrieved, it is not deleted from the POP3 or IMAP server, causing a similar error on subsequent attempts to retrieve mail.
By injecting a malicious message into a user's mailstream (sending it to their POP3 or IMAP server), an attacker can cause that user to be unable to retrieve their mail until the offending message is removed. This may require the user's mail administrator to intervene.
Upgrade Your Mail Client
The Bat! v1.42 Beta/10 released Sat, 21 Apr 2001 fixes this problem.
Remove Malicious Mail Messages Using Another Mail Client
Users can temporarily correct this problem by removing malicious mail messages using a mail client that does not have this vulnerability.
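To help a user or mail administrator decide which message to remove, the following added example (not part of the original advisory or of any vendor code) scans raw RFC822 messages for isolated carriage returns and shows how a strict CRLF line split differs from a lenient one that also ends a line on a bare CR. The function names and the sample messages are constructed for illustration.

```python
import re

# A CR that is not followed by LF: the "isolated carriage return" described above.
BARE_CR = re.compile(rb"\r(?!\n)")


def find_bare_cr(raw: bytes):
    """Return (line_number, byte_offset) per isolated CR; lines are counted by CRLF only."""
    hits = []
    for m in BARE_CR.finditer(raw):
        line_no = raw.count(b"\r\n", 0, m.start()) + 1
        hits.append((line_no, m.start()))
    return hits


def line_views(raw: bytes):
    """Split strictly on CRLF, and leniently with a bare CR also ending a line."""
    strict = raw.split(b"\r\n")
    lenient = re.split(rb"\r\n|\r", raw)
    return strict, lenient


def scan_mailbox(messages):
    """messages: iterable of (identifier, raw_bytes). Return identifiers to review."""
    return [ident for ident, raw in messages if find_bare_cr(raw)]


# Constructed sample messages (not taken from the advisory).
CLEAN = b"From: a@example.com\r\nSubject: ok\r\n\r\nline one\r\nline two\r\n"
SUSPECT = b"From: b@example.com\r\nSubject: test\r\n\r\nline one\rline two\r\n"

if __name__ == "__main__":
    for ident in scan_mailbox([("msg-1", CLEAN), ("msg-2", SUSPECT)]):
        print(ident, "contains isolated carriage returns")
    strict, lenient = line_views(SUSPECT)
    print("strict line count:", len(strict), "lenient line count:", len(lenient))
    for line_no, offset in find_bare_cr(SUSPECT):
        print(f"isolated CR on line {line_no} at byte offset {offset}")
```

A message where the two line counts disagree is one that a CR-tolerant parser and a strict RFC822 parser will read differently.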
Vendor| Status| Date Notified| Date Updated
RIT Labs| | -| 01 Jun 2001
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
This problem appears to have been discovered by a researcher at security.nnov.ru.
This document was written by Cory F. Cohen.