Info

Disclosure

Jul 24, 2002

Discovery

Unknown

Dates

Exploit

Jul 24, 2002

Solution

Unknown

Description

An overflow exists in the Pegasus mail client. The MUA fails to process long headers over 259 characters in the To: or From: fields resulting in a buffer overflow. With a specially crafted request, an attacker can cause a crash or possibly execute code resulting in a loss of integrity and/or availability.

Classification

Location: Context Dependent
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Public

Solution

Upgrade to version Pegasus Mail 4.02 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

David Harris

Pegasus Mail

4.01

References

CVE ID: 2002-1075 (see also: NVD)
Exploit Database: 21648
Bugtraq ID: 5302
ISS X-Force ID: 9673
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-07/0277.html

Credit

Luigi Auriemma - aluigiautistici.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/6481