Rit Research Labs "The Bat!" Missing Linefeed DoS Vulnerability

Vulnerability ID 1106308 Vulnerability type Other
Published 2001-04-18 Updated 2006-12-12
CVE ID CVE-2001-0675 CNNVD-ID CNNVD-200109-064
Platform Windows CVSS score 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20783
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200109-064
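|Vulnerability details
Rit Research Labs The Bat! version 1.51 for Windows contains a vulnerability. A remote attacker can cause a denial of service by sending an email containing a carriage return that is not followed by a linefeed to a user's account.
|Exploit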
source: http://www.securityfocus.com/bid/2636/info

"The Bat!" is an MUA for Windows by Rit Research Labs.

"The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop.

As a result, the user will remain unable to receive new email messages from the affected POP3 account. 
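A mail gateway or mailbox-side filter can screen for the condition described above before a client downloads the message. The following is an added example, not code from the advisory or from Rit Research Labs; the function names and the sample message are constructed for illustration.

```python
import re

# A CR that is not immediately followed by LF (this also matches a CR at end of data).
BARE_CR = re.compile(rb"\r(?!\n)")


def find_bare_cr(raw: bytes) -> list[tuple[int, int]]:
    """Return (byte_offset, line_number) for every bare CR in a raw message.

    Line numbers are 1-based and count CRLF-terminated lines only, which is
    how a line-oriented POP3 client is expected to split the stream.
    """
    hits = []
    for m in BARE_CR.finditer(raw):
        line_no = raw.count(b"\r\n", 0, m.start()) + 1
        hits.append((m.start(), line_no))
    return hits


def normalize_bare_cr(raw: bytes) -> bytes:
    """Rewrite each bare CR as CRLF so every line ending in the message is consistent."""
    return BARE_CR.sub(b"\r\n", raw)


# Constructed sample: one bare CR inside the body and one as the final byte.
SAMPLE = (
    b"From: a@example.com\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"first line\rsecond line\r\n"
    b"last line\r"
)

if __name__ == "__main__":
    for offset, line_no in find_bare_cr(SAMPLE):
        print(f"bare CR at byte {offset}, line {line_no}")
    cleaned = normalize_bare_cr(SAMPLE)
    print("bare CRs after normalization:", len(find_bare_cr(cleaned)))
```

Whether to normalize, quarantine or reject a flagged message is a policy choice for the gateway; normalizing keeps the mailbox retrievable by affected clients.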

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20783.zip
|References
resource:Exploit
hyperlink:http://archives.neohapsis.com/archives/bugtraq/2001-04/0345.html
resource:Vendor Advisory
hyperlink:http://archives.neohapsis.com/archives/bugtraq/2001-04/0381.html
resource:Vendor Advisory
hyperlink:http://archives.neohapsis.com/archives/bugtraq/2001-04/0410.html
resource:
hyperlink:http://www.securityfocus.com/bid/2636
resource:
hyperlink:https://exchange.xforce.ibmcloud.com/vulnerabilities/6423