  Access to special devices in The Bat! (special device access)

From: 3APA3A <3APA3A_(at)_security.nnov.ru>
Date: February 27, 2002
Subject: SECURITY.NNOV: Special device access in The Bat!

Dear bugtraq,

Topic:          Special device access in The Bat!
Author:         3APA3A <[email protected]>
Date:           February, 25 2002
Software:       The Bat! 1.53d, 1.54beta
Vendor:         Ritlabs (http://www.thebat.net)
Risk:           Low to average
Remote:         Yes
Exploitable:    Yes
Vendor Status:  Notified, not verified


Details:

The Bat! has a special device access bug. If The Bat! is configured to
save attachments apart from message bodies and a file has the name of a
special device, The Bat! will attempt to open the special device. This
kind of bug was described in [1]. This bug was probably reintroduced in
one of the latest versions, because our previous test with this product
6 months ago failed.

It's not clear at the moment whether it's possible to write to a special
device (for example, to send an attached file to a printer or COM port),
but this bug definitely can be used as a DoS attack against The Bat!.
After this message, The Bat! stops receiving any messages (sometimes
absolutely silently, sometimes with a warning displayed that the file
can't be opened).

Workaround:

Disable the "Keep attachment files separately" option, or use the
Account/Dispatch Mail On Server option to delete the problematic message
from the server.

Vendor:

The vendor was contacted twice on February 19. No replies were received.


Exploitation:

bash-2.03$ sendmail -U [email protected]
From: test
To: test
Content-Type: apllication/exe; name=lpt1

Test
.   
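
A receiving-side check for the condition described above, as an added example that is not part of the original advisory and is not The Bat!'s code: it reads the attachment name from the Content-Type `name` parameter (as in the test message), flags reserved DOS/Windows device names and returns a name that is safe to create on disk. The function names and the underscore-prefix policy are assumptions of this example.

```python
import email
import re

# Classic reserved DOS/Windows device names. Windows resolves them in any
# directory, in any letter case, and even with an extension ("lpt1.txt").
DEVICES = {"CON", "PRN", "AUX", "NUL",
           *(f"COM{i}" for i in range(1, 10)),
           *(f"LPT{i}" for i in range(1, 10))}

# Message from the Exploitation section (headers and body only).
SAMPLE = (
    "From: test\n"
    "To: test\n"
    "Content-Type: apllication/exe; name=lpt1\n"
    "\n"
    "Test\n"
)


def _basename(filename: str) -> str:
    """Last path component, without trailing dots, spaces or colons."""
    return re.split(r"[\\/:]", filename.rstrip(" .:"))[-1].strip()


def is_device_name(filename: str) -> bool:
    """True if the name would open a special device instead of a file."""
    # Only the stem before the first dot decides: "nul.tar.gz" is still NUL.
    stem = _basename(filename).split(".", 1)[0].rstrip(" ").upper()
    return stem in DEVICES


def safe_attachment_name(filename: str, fallback: str = "attachment.bin") -> str:
    """Name to use on disk: path stripped, device names prefixed with '_'."""
    base = _basename(filename)
    if not base:
        return fallback
    return "_" + base if is_device_name(base) else base


def audit_message(raw: str) -> list:
    """(declared name, on-disk name) for every MIME part that carries a name."""
    msg = email.message_from_string(raw)
    return [(name, safe_attachment_name(name))
            for part in msg.walk()
            if (name := part.get_filename())]


if __name__ == "__main__":
    for declared, on_disk in audit_message(SAMPLE):
        print(f"{declared!r} -> {on_disk!r}")
```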

References:

[1]  SECURITY.NNOV: Multiple archivers special DOS/Windows
    devices access
    http://www.security.nnov.ru/advisories/archdos.asp
 

--
http://www.security.nnov.ru
        /\_/\
       { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                   |/
You know my name - look up my number (The Beatles)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod