Lucene search

MitreCVE-2009-3838

HistoryNov 02, 2009 - 3:30 p.m.

CVE-2009-3838

2009-11-0215:30:00

CWE-119

mitre

web.nvd.nist.gov

cve-2009-3838

buffer overflow

pegasus mail

pmail

denial of service

remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.3

Confidence

High

EPSS

0.027

Percentile

90.5%

JSON

Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.

Affected configurations

Nvd

Node

pmailpegasus_mailMatch4.41

pmailpegasus_mailMatch4.51

VendorProductVersionCPE
pmailpegasus_mail4.41cpe:2.3:a:pmail:pegasus_mail:4.41:*:*:*:*:*:*:*
pmailpegasus_mail4.51cpe:2.3:a:pmail:pegasus_mail:4.51:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pmail	pegasus_mail	4.41	cpe:2.3:a:pmail:pegasus_mail:4.41:::::::*
pmail	pegasus_mail	4.51	cpe:2.3:a:pmail:pegasus_mail:4.51:::::::*

References

osvdb.org/59261

secunia.com/advisories/37134

www.packetstormsecurity.org/0910-exploits/pegasusmc-dos.txt

www.securityfocus.com/archive/1/507377/100/0/threaded

www.securityfocus.com/bid/36797

www.securitytracker.com/id?1023075

www.vupen.com/english/advisories/2009/3026

www.vupen.com/exploits/Pegasus_Mail_POP3_Message_Handling_Remote_Buffer_Overflow_Exploit_3026233.php

exchange.xforce.ibmcloud.com/vulnerabilities/53933

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.3

Confidence

High

EPSS

0.027

Percentile

90.5%

JSON

Related for CVE-2009-3838