[7470] in bugtraq

Re: netscape mail overflow(another one)

daemon@ATHENA.MIT.EDU (pedward@WEBCOM.COM)
Wed Jul 29 17:38:37 1998

Date: 	Wed, 29 Jul 1998 10:34:04 -0700
Reply-To: pedward@WEBCOM.COM
From: pedward@WEBCOM.COM
X-To:         brett@lariat.org
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199807290549.XAA01769@lariat.lariat.org> from "Brett Glass" at
              Jul 28, 98 11:49:04 pm

Netscape mail for Windows has an overflow in the body.  This is evident when a spammer
sends one of our customers a message with the text all on one line.  You can reproduce
it by putting 32768 characters in a line, mailing it to yourself, and trying to download it.
Netscape chokes when reading the POP box and refuses to fetch the message.  I
just use Netscape mail for Unix and the problem doesn't exist (gee, I wonder why :>)

--Perry

>
> It makes perfect sense that any header field could overflow a limited buffer.
> I'd assumed that developers would have the sense to check ALL of the buffers
> used to store headers, but maybe this should be pointed out to them, just to
> make sure.
>
> We may see exploits based on bugs in UUDECODE and BinHex decoders in mailers
> as well. I'm sure they're there given the overall low quality of the code
> that these companies are generating (sigh).
>
> --Brett Glass
>
> At 08:21 PM 7/28/98 +0200, Paul Boehm wrote:
>

--
Perry Harrington        System Software Engineer    zelur xuniL  ()
http://www.webcom.com  perry.harrington@webcom.com  Think Blue.  /\
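
Added example (not part of the original message, and not Netscape's code): a bounded line reader of the kind a mail client needs so that a single 32768-character body line is truncated and skipped instead of overrunning a fixed buffer or desynchronising the POP parser. The post only says "overflow in the body", so the fixed-buffer cause, the 1024-byte size and the names read_line_bounded and count_overlong are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define LINE_BUF 1024    /* assumed client buffer size, illustration only */
#define LONG_LINE 32768  /* line length quoted in the post */
struct reader { const char *p, *end; };  /* stands in for the POP stream */

/* Copy the next line into out[cap], never writing past cap bytes. Bytes that
 * do not fit are consumed and dropped so the next call starts on the next
 * line. Returns the real line length (CRs ignored) or -1 at end of input. */
long read_line_bounded(struct reader *r, char *out, size_t cap, int *truncated)
{
    size_t stored = 0;
    long total = 0;
    *truncated = 0;
    if (cap == 0 || r->p >= r->end) return -1;
    while (r->p < r->end) {
        char c = *r->p++;
        if (c == '\n') break;
        if (c == '\r') continue;
        total++;
        if (stored + 1 < cap) out[stored++] = c;  /* keep room for the NUL */
        else *truncated = 1;
    }
    out[stored] = '\0';
    return total;
}

/* Walk a whole message body and return how many lines were over-long. */
int count_overlong(const char *msg, size_t len)
{
    struct reader r = { msg, msg + len };
    char line[LINE_BUF];
    int trunc, n = 0;
    while (read_line_bounded(&r, line, sizeof line, &trunc) >= 0)
        n += trunc;
    return n;
}

int main(void)
{
    static char msg[LONG_LINE + 16];  /* constructed: "hi\n" + 32768 'A' + "\nbye\n" */
    memcpy(msg, "hi\n", 3);
    memset(msg + 3, 'A', LONG_LINE);
    memcpy(msg + 3 + LONG_LINE, "\nbye\n", 5);
    printf("over-long lines: %d\n", count_overlong(msg, LONG_LINE + 8));
    return 0;
}
```

The return value carries the true line length even when the stored copy is truncated, so a client can log or reject the message rather than fail on the whole mailbox.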
