Lucene search

[email protected]CVE-2005-4444

HistoryDec 21, 2005 - 2:03 a.m.

CVE-2005-4444

2005-12-2102:03:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2005-4444

buffer overflow

pegasus mail

remote code execution

pop3

security vulnerability

8.9 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.105 Low

EPSS

Percentile

94.9%

JSON

Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply.

CPENameOperatorVersion
david_harris:pegasus_maildavid harris pegasus maileq4.21b
david_harris:pegasus_maildavid harris pegasus maileq4.30pb1
david_harris:pegasus_maildavid harris pegasus maileq4.21a
david_harris:pegasus_maildavid harris pegasus maileq4.21c

CPE	Name	Operator	Version
david_harris:pegasus_mail	david harris pegasus mail	eq	4.21b
david_harris:pegasus_mail	david harris pegasus mail	eq	4.30pb1
david_harris:pegasus_mail	david harris pegasus mail	eq	4.21a
david_harris:pegasus_mail	david harris pegasus mail	eq	4.21c

References

secunia.com/advisories/17992

secunia.com/secunia_research/2005-61/advisory/

securitytracker.com/id?1015385

www.osvdb.org/21842

www.pmail.com/newsflash.htm#secunia

www.securityfocus.com/archive/1/419908/100/0/threaded

www.securityfocus.com/bid/15973

www.vupen.com/english/advisories/2005/3004

8.9 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.105 Low

EPSS

Percentile

94.9%

JSON