Pegasus Email Client < 4.31 Multiple Remote Overflows

medium Nessus Network Monitor Plugin ID 3332

Synopsis

The remote host is vulnerable to several remote buffer overflows.

Description

The remote host is running the Pegasus Email client. This version of Pegasus is vulnerable to two (2) distinct remote buffer overflows. In the first instance, an attacker, convincing a Pegasus user to connect to a malicious server, can cause a buffer overflow resulting in execution of arbitrary code. In the second instance, an attacker would need to be able to convince a Pegasus user to view the email 'headers'. Successful exploitation would result in the execution of arbitrary code.

Solution

Upgrade to version 4.31 or higher.

See Also

http://www.pmail.com

Plugin Details

Severity: Medium

ID: 3332

Family: SMTP Clients

Published: 12/20/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:david_harris:pegasus_mail

Reference Information

CVE: CVE-2005-4444, CVE-2005-4445

BID: 15973