Pegasus Email Client < 4.31 Multiple Remote Overflows

Medium Nessus Network Monitor Plugin ID 3332

Synopsis

The remote host is vulnerable to several remote buffer overflows.

Description

The remote host is running the Pegasus Email client. This version of Pegasus is vulnerable to two distinct remote buffer overflows. In the first, an attacker who convinces a Pegasus user to connect to a malicious server can trigger a buffer overflow that results in execution of arbitrary code. In the second, an attacker must convince a Pegasus user to view the email 'headers'; successful exploitation likewise results in execution of arbitrary code.

Solution

Upgrade to version 4.31 or higher.

See Also

http://www.pmail.com

Plugin Details

Severity: Medium

ID: 3332

File Name: 3332.prm

Family: SMTP Clients

Published: 2005/12/20

Modified: 2016/11/23

Dependencies: 1100

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.1

Temporal Score: 5

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2005-4444, CVE-2005-4445

BID: 15973

OSVDB: 21842, 21843