RIT Research Labs The Bat! does not properly parse characters not followed by a character

2001-06-01T00:00:00
ID VU:310816
Type cert
Reporter CERT
Modified 2001-08-30T00:00:00

Description

Overview

Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed.

Description

Because The Bat! may incorrectly accept a carriage return as a carriage return/line feed pair, a valid RFC822 message containing isolated carriage returns may cause The Bat! to prematurely identify the end of a mail message. Subsequent lines in the body of the message may cause The Bat! to generate an error message. Since the email message was not successfully retrieved, it is not deleted from the POP3 or IMAP server, causing a similiar error on subsequent attempts to retrieve mail.


Impact

By injecting a malicious message into a user's mailstream (sending it to their POP3 or IMAP server) an attacker can cause that user to be unable to retrieve their mail until the offending message is removed. This may require the user's mail administrator to intervene.


Solution

Upgrade Your Mail Client

The Bat! v1.42 Beta/10 released Sat, 21 Apr 2001 fixes this problem.


Remove Malicious Mail Messages Using Another Mail Client

Users can temporarily correct this problem by removing malicious mail messages using a mail client that does not have this vulnerability.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
RIT Labs| | -| 01 Jun 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.securityfocus.com/bid/2636>
  • <http://www.ritlabs.com/the_bat/index.html>
  • <http://www.security.nnov.ru/search/news.asp?binid=1136>
  • <http://xforce.iss.net/static/6423.php>

Credit

This problem appears to have been discovered by a researcher at security.nnov.ru.

This document was written by Cory F. Cohen.

Other Information

  • CVE IDs: Unknown
  • Date Public: 25 Apr 2001
  • Date First Published: 01 Jun 2001
  • Date Last Updated: 30 Aug 2001
  • Severity Metric: 1.62
  • Document Revision: 7