CVE-2001-0398
CVSS7.5
发布时间 :2001-06-18 00:00:00
修订时间 :2008-09-05 16:24:00
NMCOS    

[原文]The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon.


[CNNVD]Rit Research Labs "The Bat!"隐藏附件漏洞(CNNVD-200106-100)

        BAT!邮件客户端存在漏洞。远程攻击者可以借助文件名包含许多空间的附件绕过可执行附件用户警告并执行任意命令,也可以导致带有不同图标的BAT!歪曲附件类型。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:ritlabs:the_bat:1.031
cpe:/a:ritlabs:the_bat:1.1
cpe:/a:ritlabs:the_bat:1.47
cpe:/a:ritlabs:the_bat:1.36
cpe:/a:ritlabs:the_bat:1.42
cpe:/a:ritlabs:the_bat:1.041
cpe:/a:ritlabs:the_bat:1.14
cpe:/a:ritlabs:the_bat:1.49
cpe:/a:ritlabs:the_bat:1.029
cpe:/a:ritlabs:the_bat:1.34
cpe:/a:ritlabs:the_bat:1.037
cpe:/a:ritlabs:the_bat:1.17
cpe:/a:ritlabs:the_bat:1.48
cpe:/a:ritlabs:the_bat:1.043
cpe:/a:ritlabs:the_bat:1.45
cpe:/a:ritlabs:the_bat:1.18
cpe:/a:ritlabs:the_bat:1.039
cpe:/a:ritlabs:the_bat:1.0_build1349
cpe:/a:ritlabs:the_bat:1.31
cpe:/a:ritlabs:the_bat:1.028
cpe:/a:ritlabs:the_bat:1.0_build1336
cpe:/a:ritlabs:the_bat:1.35
cpe:/a:ritlabs:the_bat:1.44
cpe:/a:ritlabs:the_bat:1.15
cpe:/a:ritlabs:the_bat:1.41
cpe:/a:ritlabs:the_bat:1.032
cpe:/a:ritlabs:the_bat:1.22
cpe:/a:ritlabs:the_bat:1.46
cpe:/a:ritlabs:the_bat:1.035
cpe:/a:ritlabs:the_bat:1.21
cpe:/a:ritlabs:the_bat:1.015
cpe:/a:ritlabs:the_bat:1.011
cpe:/a:ritlabs:the_bat:1.19
cpe:/a:ritlabs:the_bat:1.32
cpe:/a:ritlabs:the_bat:1.101
cpe:/a:ritlabs:the_bat:1.42f
cpe:/a:ritlabs:the_bat:1.036
cpe:/a:ritlabs:the_bat:1.43
cpe:/a:ritlabs:the_bat:1.33
cpe:/a:ritlabs:the_bat:1.39

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0398
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0398
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200106-100
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/2530
(VENDOR_ADVISORY)  BID  2530
http://archives.neohapsis.com/archives/bugtraq/2001-04/0013.html
(VENDOR_ADVISORY)  BUGTRAQ  20010402 ~..~!guano

- 漏洞信息

Rit Research Labs "The Bat!"隐藏附件漏洞
高危 未知
2001-06-18 00:00:00 2006-09-22 00:00:00
远程  
        BAT!邮件客户端存在漏洞。远程攻击者可以借助文件名包含许多空间的附件绕过可执行附件用户警告并执行任意命令,也可以导致带有不同图标的BAT!歪曲附件类型。

- 公告与补丁

        Manufacturer
        http://www.ritlabs.com/ have fixed this in a beta release.
        --------------------------------------------
        Note: This is beta version of the program (not a release), use it at your own risk!
        --------------------------------------------
        Rit Research Labs The Bat! 1.0 11
        
        Rit Research Labs The Bat! 1.0 43
        
        Rit Research Labs The Bat! 1.0 41
        
        Rit Research Labs The Bat! 1.0 28
        
        Rit Research Labs The Bat! 1.0 29
        
        Rit Research Labs The Bat! 1.0 32
        
        Rit Research Labs The Bat! 1.0 35
        
        Rit Research Labs The Bat! 1.0 37
        
        Rit Research Labs The Bat! 1.0 build 1349
        
        Rit Research Labs The Bat! 1.0 build 1336
        
        Rit Research Labs The Bat! 1.0 15
        
        Rit Research Labs The Bat! 1.0 39
        
        Rit Research Labs The Bat! 1.0 36
        
        Rit Research Labs The Bat! 1.0 31
        
        Rit Research Labs The Bat! 1.1
        
        Rit Research Labs The Bat! 1.101
        
        Rit Research Labs The Bat! 1.14
        
        Rit Research Labs The Bat! 1.15
        
        Rit Research Labs The Bat! 1.17
        
        Rit Research Labs The Bat! 1.18
        
        Rit Research Labs The Bat! 1.19
        
        Rit Research Labs The Bat! 1.21
        
        Rit Research Labs The Bat! 1.22
        

- 漏洞信息

13867
The Bat! Mail Client Malformed Attachment Name Arbitrary Command Execution

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-04-02 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Rit Research Labs "The Bat!" Concealed Attachment Vulnerability
Unknown 2530
Yes No
2001-04-02 12:00:00 2009-07-11 06:06:00
Reported to bugtraq by "http-equiv@excite.com" <http-equiv@excite.com> (c/o http://www.malware.com) on Mon, 2 Apr 2001

- 受影响的程序版本

Rit Research Labs The Bat! 1.101
Rit Research Labs The Bat! 1.49
Rit Research Labs The Bat! 1.48
Rit Research Labs The Bat! 1.47
Rit Research Labs The Bat! 1.46
Rit Research Labs The Bat! 1.45
Rit Research Labs The Bat! 1.44
Rit Research Labs The Bat! 1.43
Rit Research Labs The Bat! 1.42 f
Rit Research Labs The Bat! 1.42
Rit Research Labs The Bat! 1.41
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Rit Research Labs The Bat! 1.39
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Rit Research Labs The Bat! 1.36
Rit Research Labs The Bat! 1.35
Rit Research Labs The Bat! 1.34
Rit Research Labs The Bat! 1.33
Rit Research Labs The Bat! 1.32
Rit Research Labs The Bat! 1.31
Rit Research Labs The Bat! 1.22
Rit Research Labs The Bat! 1.21
Rit Research Labs The Bat! 1.19
Rit Research Labs The Bat! 1.18
Rit Research Labs The Bat! 1.17
Rit Research Labs The Bat! 1.15
Rit Research Labs The Bat! 1.14
Rit Research Labs The Bat! 1.1
Rit Research Labs The Bat! 1.0 43
Rit Research Labs The Bat! 1.0 41
Rit Research Labs The Bat! 1.0 39
Rit Research Labs The Bat! 1.0 37
Rit Research Labs The Bat! 1.0 36
Rit Research Labs The Bat! 1.0 35
Rit Research Labs The Bat! 1.0 32
Rit Research Labs The Bat! 1.0 31
Rit Research Labs The Bat! 1.0 29
Rit Research Labs The Bat! 1.0 28
Rit Research Labs The Bat! 1.0 15
Rit Research Labs The Bat! 1.0 11
Rit Research Labs The Bat! 1.0 build 1349
Rit Research Labs The Bat! 1.0 build 1336

- 漏洞讨论

"The Bat!" is an MUA for Windows by Rit Research Labs.

A remote attacker can compose an email message which contains an attached file having a carefully-composed filename, in which excess whitespace is used to conceal the filename, and the file's presence, in the "The Bat!" user's inbox.

This could lead a victim user to execute a potentially malicious attachment without being properly alerted that the attachment is of an executable type.

If run, an attachment containing a hostile program or script could have serious security consequences for the affected system.

- 漏洞利用

See http://www.malware.com/guano.eml

From original bugtraq post:
"We are able to blind the The BAT! ~..~ with trivial file extension modifications and carefully calculated file name lengths:

Content-Type:image/gif;
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename=" what's this?




.gif.exe"

Will create an inline attachment, which, while not important will not be indicted in the in-box. What is important is that the attachment viewed once the mail message has been opened will be with the icon of something else.

On two win98 machines, we achieved the icon of a folder: (screen shot: http://www.malware.com/guano.jpg 32KB)"

- 解决方案

Manufacturer http://www.ritlabs.com/ have fixed this in a beta release.

--------------------------------------------
Note: This is beta version of the program (not a release), use it at your own risk!
--------------------------------------------


Rit Research Labs The Bat! 1.0 11

Rit Research Labs The Bat! 1.0 43

Rit Research Labs The Bat! 1.0 41

Rit Research Labs The Bat! 1.0 28

Rit Research Labs The Bat! 1.0 29

Rit Research Labs The Bat! 1.0 32

Rit Research Labs The Bat! 1.0 35

Rit Research Labs The Bat! 1.0 37

Rit Research Labs The Bat! 1.0 build 1349

Rit Research Labs The Bat! 1.0 build 1336

Rit Research Labs The Bat! 1.0 15

Rit Research Labs The Bat! 1.0 39

Rit Research Labs The Bat! 1.0 36

Rit Research Labs The Bat! 1.0 31

Rit Research Labs The Bat! 1.1

Rit Research Labs The Bat! 1.101

Rit Research Labs The Bat! 1.14

Rit Research Labs The Bat! 1.15

Rit Research Labs The Bat! 1.17

Rit Research Labs The Bat! 1.18

Rit Research Labs The Bat! 1.19

Rit Research Labs The Bat! 1.21

Rit Research Labs The Bat! 1.22

Rit Research Labs The Bat! 1.31

Rit Research Labs The Bat! 1.32

Rit Research Labs The Bat! 1.33

Rit Research Labs The Bat! 1.34

Rit Research Labs The Bat! 1.35

Rit Research Labs The Bat! 1.36

Rit Research Labs The Bat! 1.39

Rit Research Labs The Bat! 1.41

Rit Research Labs The Bat! 1.42

Rit Research Labs The Bat! 1.42 f

Rit Research Labs The Bat! 1.43

Rit Research Labs The Bat! 1.44

Rit Research Labs The Bat! 1.45

Rit Research Labs The Bat! 1.46

Rit Research Labs The Bat! 1.47

Rit Research Labs The Bat! 1.48

Rit Research Labs The Bat! 1.49

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站