Pegasus Mail POP3 Response Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is running Pegasus Mail which is prone to stack-based Buffer Overflow vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary code or cause the application to crash by sending overly long error responses from a remote POP3 server to the affected mail client. Impact Level: Application

Solution

Upgrade to version 4.51 or higher, For updates refer to http://www.pmail.com/downloads_s3_t.htm

Insight

A stack based buffer overflow error occus due to improper bounds checking when processing POP3 responses.

Affected

Pegasus Mail 4.51 and prior.

References

http://secunia.com/advisories/37134
http://securitytracker.com/alerts/2009/Oct/1023075.html
http://www.vupen.com/english/advisories/2009/3026

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3838

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
Cscope Multiple Buffer Overflow vulnerability
Audacity Buffer Overflow Vulnerability (Win)
Adobe Photoshop Multiple Buffer Overflow Vulnerabilities
Adobe InDesign 'INDD' File Handling Remote Buffer Overflow Vulnerability

Take action and discover your vulnerabilities