Pegasus Mail RFC2822 Message Display Overflow

2005-12-20T09:22:47
ID OSVDB:21843
Type osvdb
Reporter Tan Chew Keong(vuln@secunia.com)
Modified 2005-12-20T09:22:47

Description

Vulnerability Description

A remote overflow exists in Pegasus Mail. Pegasus Mail fails to validate RFC2822 headers in incoming email messages, resulting in an off-by-one overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Technical Description

When displaying the email message headers that conform to RFC2822, it is possible for a constructed header to trigger an 'off-by-one' error. This can potentially lead to the least significant byte of the frame pointer in the handling function being overwritten if the header is 1022 bytes or longer. Code execution using this flaw has been confirmed on Windows XP.

Solution Description

Upgrade to version 4.31 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Pegasus Mail. Pegasus Mail fails to validate RFC2822 headers in incoming email messages, resulting in an off-by-one overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1015385 Secunia Advisory ID:17992 Related OSVDB ID: 21842 Other Advisory URL: http://secunia.com/secunia_research/2005-61/advisory/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1034.html CVE-2005-4445 Bugtraq ID: 15973