SDWB (Sega Dreamcast Web Browser)


    Sega Dreamcast


    The following is based on the Sega Dreamcast Web Browser Advisory
    by John Bissell a.k.a. hight1mes.  The Sega Dreamcast Web Browser
    software that comes packaged with every Dreamcast now allows the
    gamer, for the first time ever, to connect to the Internet via a
    console system.  Unfortunately, Sega has delivered the general
    public a very insecure web browser for browsing the web.

    SDWB (Sega Dreamcast Web Browser) not only can browse the web but
    can also send and receive email by clicking on the Mail icon from
    the command cluster.  The security problem is in the SDWB mailbox.
    The problem can be exploited from the SDWB itself or from any other
    email client that supports a huge subject when composing a
    message.  We will now break down the exploit into a list of easy
    steps using the SDWB.

        1.) Start up the Sega Dreamcast Web Browser and connect to the
        2.) Send a message with a huge, and I mean huge, subject line.

    That's it!  Now, at the account that message was sent to, no email
    can be viewed or managed through the SDWB.  When the victim SDWB
    user tries to read his email account he will get an error message
    reporting, quote, "An internal error has occurred. Please contact
    Sega."  This sort of problem exists in a lot of software across
    the globe due to insufficient bounds checking...
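
    A mail-side check for the condition described above, added here as
    an example (it is not code from the advisory or from Sega): it
    measures the Subject header of each raw message, unfolding
    continuation lines first, and reports the messages over a limit so
    they can be removed before a fragile client fetches them.  The
    function names, the 998-character limit and the sample messages are
    assumptions made for the example.

```python
from email import message_from_bytes

# Assumed policy value, not from the advisory: 998 is the RFC 5322 hard
# limit for a single header line, reused here as a cap on the whole Subject.
MAX_SUBJECT = 998


def subject_lengths(raw):
    """Return the unfolded length of every Subject header in one message."""
    msg = message_from_bytes(raw)
    lengths = []
    for value in msg.get_all("Subject", []):
        # A folded header keeps its CRLF + whitespace; drop the line breaks
        # so a subject split over many short lines is measured as a whole.
        text = str(value).replace("\r", "").replace("\n", "")
        lengths.append(len(text))
    return lengths


def find_oversized(messages, limit=MAX_SUBJECT):
    """Return (index, longest_subject_length) for each message over limit."""
    hits = []
    for index, raw in enumerate(messages):
        # default=0 covers messages that carry no Subject header at all
        longest = max(subject_lengths(raw), default=0)
        if longest > limit:
            hits.append((index, longest))
    return hits


# Constructed sample mailbox: a normal message, one very long single-line
# subject, one long subject folded into 70-character lines, and no subject.
SAMPLES = [
    b"From: a@example.com\r\nSubject: hello\r\n\r\nbody\r\n",
    b"From: b@example.com\r\nSubject: " + b"A" * 5000 + b"\r\n\r\nbody\r\n",
    b"From: c@example.com\r\nSubject: "
    + b"\r\n ".join([b"B" * 70] * 20) + b"\r\n\r\nbody\r\n",
    b"From: d@example.com\r\n\r\nbody\r\n",
]

if __name__ == "__main__":
    for index, length in find_oversized(SAMPLES):
        print(f"message {index}: Subject is {length} characters, quarantine")
```

    The folded sample is the case a per-line length check misses: no
    single line exceeds 78 characters, yet the unfolded subject is well
    over the limit.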


    To fix this internal error when SDWB tries to access your email
    account you must use email software like Outlook Express, Eudora,
    etc. on a computer to delete the evil message(s) with huge