Pegasus Mail POP3 Response Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is running Pegasus Mail which is prone to stack-based Buffer Overflow vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary code or cause the application to crash by sending overly long error responses from a remote POP3 server to the affected mail client. Impact Level: Application

Solution

Upgrade to version 4.51 or higher, For updates refer to http://www.pmail.com/downloads_s3_t.htm

Insight

A stack based buffer overflow error occus due to improper bounds checking when processing POP3 responses.

Affected

Pegasus Mail 4.51 and prior.

References

http://secunia.com/advisories/37134
http://securitytracker.com/alerts/2009/Oct/1023075.html
http://www.vupen.com/english/advisories/2009/3026

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3838
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)
Adobe Air Buffer Overflow Vulnerability (Mac OS X)
Citrix Provisioning Services SoapServer Buffer Overflow Vulnerability
CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
BS.Player '.bsl' File Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities