[20365] in bugtraq
Re: SECURITY.NNOV: The Bat! bug
daemon@ATHENA.MIT.EDU (-mat- filid brandy)
Sun Apr 22 14:02:38 2001
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID: <01042120190001.05610@elektrobarde>
Date: Sat, 21 Apr 2001 20:19:00 +0200
Reply-To: brandy@klammeraffe.org
From: -mat- filid brandy <brandy@klammeraffe.org>
X-To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <699942416.20010418170456@SECURITY.NNOV.RU>
This is a forwarded message
From: Bat Registrierservice <bathelp@is-web.com>
To: GardenStone@boudicca.de <GardenStone@boudicca.de>
Date: Saturday, April 21, 2001, 5:34:36 PM
Subject: The Bat! - Fehlermeldung [BUG-F8FEFAE1]
===8<==============Original message text===============
____________________________________________________________________
Nachricht vom : Freitag, 20. April 2001 <11:21>
zum Thema : The Bat! - Fehlermeldung [BUG-F8FEFAE1]
Bearbeitung: dhu <21.04.2001 - 17:32> Dieter Hummel
Status: done5e
____________________________________________________________________
Antwort von Ritlabs:
This is not a bug of The Bat! but a bug of MTA (POP3/SMTP servers)
that allow such odd messages. The proposed "bad-message"
(http://www.security.nnov.ru/files/badmess.zip) is not
RFC-compliant. Any RFC-compliant POP3/SMTP server must either bounce
or cure it. I've used a proposed example to send the message to
myself, on a FreeBSD server with Sendmail 8.11.1 I've typed
cat badmess | sendmail -U max@ritlabs.com
This message has been received by a KSI-Linux server with sendmail
8.8.8 and the POP3 to retrieve was Marc Crispin's daemon v2000.69.
The message has been received with orphaned LF's replaced to CR-LF
pairs. Some MTA software in transit has cured the message.
The Bat! could bounce such odd messages but it doesn't do it
intentionally because there are some odd mailserver that use single
LF as a line endings. These servers, however, will quote the dot in
the end of line and the proposed "bad-message" won't work with them
either.
...und eine weitere kurz hinterher:
I however made The Bat! to handle CR and LF that strictly to avoid
this vulnerability.
÷---------------------- [ The Bat! Mailing-Listen ] ----------------------÷
| Abonnieren Sie jetzt gleich kostenlos und unverbindlich die |
| 'Offizielle deutschsprachige The Bat! Diskussionsliste' |
| thebat-dt-subscribe@yahoogroups.com und profitieren Sie von der |
| Erfahrung von über 330 Mitgliedern. |
| |
| Sie sind mit The Bat! noch nicht vertraut oder zieren sich, |
| vermeintlich 'dumme' Fragen zu stellen? Dann ist die 'Beginner' |
| Diskussionsliste das Richtige für Sie. Abonnieren Sie unverbindlich |
| unter thebat-dt-beginner-subscribe@yahoogroups.com und fragen Sie, was |
| Sie bisher vielleicht nicht wagten... |
÷-------------------------------------------------------------------------÷
Mit freundlichen Grüssen
Integrated Services GbR
Offizielle deutsche Repräsentanz von RITLabs SRL, Moldava
Autorisierter The Bat! Registrier- und Supportservice
--
Online Registrierung : http://www.register-me.de/the_bat/register.html
Hilfedatei v1.5.0 : http://www.BatMail.de
Integrated Services e.K. | Web-Design Web-Hosting
Fon + Fax: +49.721.151248335
Email: sales@is-web.com | dhu@is-web.com
The Bat! v1.52 Beta/9 mod [2E7F60DA]
++ Outgoing mail with possible attachment is found to be virus free ++
Checked by AVP, using database update from 04-18-2001
