OSVDB ID: 6481

Title: Pegasus Mail From/To Header Overflow DoS

Info

Disclosure

Jul 24, 2002

Discovery

Unknown

Dates

Exploit

Jul 24, 2002

Solution

Unknown

Description

An overflow exists in the Pegasus mail client. The MUA fails to process long headers over 259 characters in the To: or From: fields resulting in a buffer overflow. With a specially crafted request, an attacker can cause a crash or possibly execute code resulting in a loss of integrity and/or availability.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Public

Solution

Upgrade to version Pegasus Mail 4.02 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

David Harris

Pegasus Mail

4.01

References

Credit

  • Luigi Auriemma - aluigiautistici.org - http://aluigi.altervista.org


Direct URL: http://osvdb.org/6481