TCH-Thomas

The Bat! Email Subject Header Buffer Overflow Vulnerability


Secunia writes

Description:

Nemesis Security Audit Group has discovered a vulnerability in The Bat!, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the parsing of the email subject header. This can be exploited to cause a unicode stack-based buffer overflow via a specially-crafted email message with an overly long subject.

The vulnerability has been confirmed in version 3.60.07. Other versions may also be affected.

Solution:

Update to version 3.71.03.

http://www.ritlabs.com/en/products/thebat/download.php
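As an added example (not code from the advisory, Secunia, or The Bat! itself), this shows the kind of bounds check whose absence produces the stack overflow the advisory describes: a Subject: header copied into a fixed-size wide-character stack buffer and rejected when it would not fit. The header parser, the 128-character buffer size and the probe messages are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

#define SUBJECT_MAX 128  /* capacity, in wide characters, of the stack buffer (assumed) */

/* Locate the Subject: value in a CRLF-separated header block (exact-case match
 * for brevity). Returns a pointer to the value and stores its length, or NULL. */
static const char *find_subject(const char *hdrs, size_t *len) {
    for (const char *p = hdrs; *p; ) {
        const char *eol = strstr(p, "\r\n");
        size_t n = eol ? (size_t)(eol - p) : strlen(p);
        if (n >= 8 && strncmp(p, "Subject:", 8) == 0) {
            const char *v = p + 8;
            while (v < p + n && *v == ' ') v++;
            *len = (size_t)(p + n - v);
            return v;
        }
        if (!eol) break;
        p = eol + 2;
    }
    return NULL;
}

/* Bounds-checked copy of the subject into a wide-char buffer of cap characters.
 * Without the `len >= cap` check an overly long subject would run past the end
 * of the buffer, which is the boundary error the advisory describes.
 * Returns the number of characters stored, or -1 if the value does not fit. */
int extract_subject(const char *hdrs, wchar_t *out, size_t cap) {
    size_t len;
    const char *v = find_subject(hdrs, &len);
    if (!v || cap == 0 || len >= cap) return -1;  /* keep room for the terminator */
    for (size_t i = 0; i < len; i++)
        out[i] = (wchar_t)(unsigned char)v[i];    /* Latin-1 widening stands in for real decoding */
    out[len] = L'\0';
    return (int)len;
}

/* Constructed probe: a header block whose subject is n copies of 'A', copied into a
 * SUBJECT_MAX-character stack buffer. 1 = accepted, 0 = rejected, -1 = n too large. */
int subject_accepted(size_t n) {
    char hdrs[1024];
    wchar_t buf[SUBJECT_MAX];
    if (n > 900) return -1;
    int k = snprintf(hdrs, sizeof hdrs, "From: a@example.com\r\nSubject: ");
    memset(hdrs + k, 'A', n);
    strcpy(hdrs + k + n, "\r\nTo: b@example.com\r\n");
    return extract_subject(hdrs, buf, SUBJECT_MAX) >= 0;
}
```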

Nemesis Security Audit Group has discovered a vulnerability in The Bat!, which potentially can be exploited by malicious people to compromise a user's system.

 

Some security group that has nothing better to do publishes a vulnerability it found in a program called The Bat!.

I'm curious, who even uses this program? I've never heard of it and searches on Google only produce one link to its web site that relates to it. So why would Secunia worry about such a non-issue as this and apply a Critical rating to it?

There's no one using the program so hackers will not waste their time writing code to exploit it. Yes, it's a good idea to notify about an update, but leave that to the company to inform its userbase. I don't believe it's a big threat to the Internet at large.


Oops, looks like I'm in trouble now :)

And I even replied to that string right behind Bill's endorsement.

Still, the major browsers are what the hackers concentrate on, so I think there is a very very slim chance that anything will ever be seen "in the wild" for it.

Thanks for the info Groovyfish.

{waits for Bill}

I'm curious, who even uses this program? I've never heard of it and searches on Google only produce one link to its web site that relates to it.

 

Try the string "the bat" email which produces 1.9 million hits. Even narrowing it down from email about Batman by adding the string ritlabs (the creator) gives us 105K hits. You must have caught Google at a bad time or something.

 

Take this for what it's worth, consider the source, your mileage may vary, etc.

Over these past years our user-base has grown into the many thousands
which is sufficiently vague as to have only limited value.

 

I own the program and have been considering upgrading it even though I do everything on Gmail right now. It has some very nice features, especially (IMO) for multiple email accounts. The thing I like the most is that I can do a template so that if I am replying to email that was sent to my XYZ address, the reply can automatically have "Thank you for contacting XYZ" and the sig can be customized "Jim Sewell - XYZ Guru" and be something totally different when I'm replying to an email that came to another of my addresses. Cool stuff.


Oh I got thousands of hits Jim, only the first result was the Ritlabs site and the rest were for anything else relating to bats. I didn't bother searching thoroughly.

 

Over these past years our user-base has grown into the many thousands

 

That is what I would expect. I believe it's a good program because of the things you and Bill say about it. But it's an email program you have to pay for, and with all the other free ones out there it will remain in the "many thousands" I'm afraid.


As long as we continue to become "I want it all free... I deserve to have great programs and not pay for it" computing community you may be right. I use a lot of free programs, don't get me wrong, but if it's worth it then I'll pay for something I use. Too many others won't, sadly for the programmers who have less motivation to create excellence.
