SecurityReason.com - Our Reason is Security


Topic : Vulnerability The Bat v. 3.60.07

SecurityAlert : 485
CVE : CVE-2006-0918
SecurityRisk : High
Remote Exploit : Yes
Local Exploit : No
Exploit Available : Yes
Credit : NSA Group
Published : 24.02.2006

Affected Software : The Bat v. 3.60.07

Advisory Content :

Advisory:
NSAG-№198-23.02.2006

Research:
NSA Group [Russian security audit and network security company]

Site of Research:
http://www.nsag.ru or http://www.nsag.org

Product:
The Bat v. 3.60.07

Site of manufacturer:
www.ritlabs.com

Status:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is notified.
12/12/2005 - Answer of the manufacturer.
22/02/2006 - Publication of vulnerability.

Original Advisory:
http://www.nsag.ru/vuln/953.html

Risk:
Critical

Description:
The vulnerability is caused by an insufficient size check on the buffer
into which data from the Subject field is copied.

Impact:
An attacker can execute arbitrary code on the computer of the
recipient of the message.

Exploit:
If the Subject field is 4038 bytes long, receiving such a message
overflows the buffer and overwrites the EIP and EBP registers, which
allows an attacker to execute arbitrary code in the context of the
vulnerable The Bat application.
Example:

Subject:AAAAAAAAAAA.... 4038..... AABB
A=0x41 (hex)
B=0x42 (hex)

State of the code at the moment of overflow:
New entry point:
00420042 FE???; Unknown command // Arbitrary code execution!!!

State of the registers:
EAX 01CCC4A4
ECX 00000000
EDX 0012FA5C
EBX 02A4EB40
ESP 0012F9EC
EBP 00410041 thebat.00410041 (A A)
ESI 00000004
EDI 02A231F0
EIP 00420042 thebat.00420042 (B B)

Solution:
Download the new version.
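
A gateway-side check for the condition the advisory describes (an abnormally long Subject field), given as an added example that is not part of the original advisory or the vendor's code. The 998-byte policy threshold, the function names and the sample messages are assumptions constructed for illustration; the check measures the unfolded header, so a long value split across folded lines is still caught.

```python
MAX_LINE_BYTES = 998      # RFC 5322 section 2.1.1: hard per-line limit, excluding CRLF
MAX_SUBJECT_BYTES = 998   # assumed gateway policy for the unfolded value; tune locally


def _unfold(lines):
    # Joining the physical lines removes the line breaks that folding inserted.
    return b"".join(lines).split(b":", 1)[1].strip()


def _is_subject(line):
    return b":" in line and line.split(b":", 1)[0].strip().lower() == b"subject"


def subject_fields(raw):
    """Yield (physical_lines, unfolded_value) for each Subject field in the headers."""
    header_block = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]  # ignore the body
    current = None
    for line in header_block.split(b"\n"):
        if line[:1] in (b" ", b"\t"):     # continuation of the previous field
            if current is not None:
                current.append(line)      # it belongs to a Subject field: keep it
            continue
        if current is not None:
            yield current, _unfold(current)
        current = [line] if _is_subject(line) else None
    if current is not None:
        yield current, _unfold(current)


def check_subject(raw, max_bytes=MAX_SUBJECT_BYTES):
    """Return a list of findings; an empty list means nothing was flagged."""
    fields = list(subject_fields(raw))
    findings = ["multiple Subject fields"] if len(fields) > 1 else []
    for lines, value in fields:
        if any(len(line) > MAX_LINE_BYTES for line in lines):
            findings.append("Subject line exceeds RFC 5322 limit")
        if len(value) > max_bytes:
            findings.append(f"Subject value is {len(value)} bytes (limit {max_bytes})")
    return findings


# Constructed sample messages (not captured traffic).
NORMAL = b"From: a@example.com\r\nSubject: Quarterly report\r\n\r\nbody\r\n"
OVERLONG = b"From: a@example.com\r\nSubject: " + b"x" * 4038 + b"\r\n\r\nbody\r\n"
FOLDED = b"Subject: " + b"\r\n ".join([b"x" * 70] * 60) + b"\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for name, msg in (("normal", NORMAL), ("overlong", OVERLONG), ("folded", FOLDED)):
        print(name, check_subject(msg))
```
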
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Our company is an independent auditor of software in the IT market.
Independent software audits are now becoming standard practice,
and we offer to make a released product as well protected as possible
against all kinds of attacks!

www.nsag.ru
"Nemesis" © 2006
------------------------------------
Nemesis Security Audit Group © 2006.




