ID OSVDB:21843 Type osvdb Reporter Tan Chew Keong(vuln@secunia.com) Modified 2005-12-20T09:22:47
Description
Vulnerability Description
A remote overflow exists in Pegasus Mail. Pegasus Mail fails to validate RFC2822 headers in incoming email messages, resulting in an off-by-one overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Technical Description
When displaying the email message headers that conform to RFC2822, it is possible for a constructed header to trigger an 'off-by-one' error. This can potentially lead to the least significant byte of the frame pointer in the handling function being overwritten if the header is 1022 bytes or longer. Code execution using this flaw has been confirmed on Windows XP.
Solution Description
Upgrade to version 4.31 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
A remote overflow exists in Pegasus Mail. Pegasus Mail fails to validate RFC2822 headers in incoming email messages, resulting in an off-by-one overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
{"edition": 1, "title": "Pegasus Mail RFC2822 Message Display Overflow", "bulletinFamily": "software", "published": "2005-12-20T09:22:47", "lastseen": "2017-04-28T13:20:18", "modified": "2005-12-20T09:22:47", "reporter": "Tan Chew Keong(vuln@secunia.com)", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:21843", "description": "## Vulnerability Description\nA remote overflow exists in Pegasus Mail. Pegasus Mail fails to validate RFC2822 headers in incoming email messages, resulting in an off-by-one overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Technical Description\nWhen displaying the email message headers that conform to RFC2822, it is possible for a constructed header to trigger an 'off-by-one' error. This can potentially lead to the least significant byte of the frame pointer in the handling function being overwritten if the header is 1022 bytes or longer. Code execution using this flaw has been confirmed on Windows XP.\n## Solution Description\nUpgrade to version 4.31 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in Pegasus Mail. Pegasus Mail fails to validate RFC2822 headers in incoming email messages, resulting in an off-by-one overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](http://www.pmail.com/newsflash.htm#secunia)\nSecurity Tracker: 1015385\n[Secunia Advisory ID:17992](https://secuniaresearch.flexerasoftware.com/advisories/17992/)\n[Related OSVDB ID: 21842](https://vulners.com/osvdb/OSVDB:21842)\nOther Advisory URL: http://secunia.com/secunia_research/2005-61/advisory/\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1034.html\n[CVE-2005-4445](https://vulners.com/cve/CVE-2005-4445)\nBugtraq ID: 15973\n", "affectedSoftware": [{"name": "Pegasus Mail", "version": "4.21a", "operator": "eq"}, {"name": "Pegasus Mail", "version": "4.21c", "operator": "eq"}, {"name": "Pegasus Mail", "version": "4.21b", "operator": "eq"}, {"name": "Advanced Poll", "version": "4.30PB1", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2017-04-28T13:20:18", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-4445"]}], "modified": "2017-04-28T13:20:18", "rev": 2}, "vulnersScore": 5.9}, "cvss": {"vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 5.1}, "cvelist": ["CVE-2005-4445"], "id": "OSVDB:21843"}
