Community Discussions and Support
SecurityFocus lists "remote BoF" in Pegasus Mail 4.51

> Saw this on the SecurityFocus web site this morning:
> http://www.securityfocus.com/archive/1/507377
> Application: Pegasus Mail Client
> Pegasus Mail 4.51.(win32)
> Platforms: Windows XP Professional SP2
> Exploitation: remote BoF
> Date: 2009-10-06
> Author: Francis Provencher (Protek Research Lab's)

From David Harris

"Just so you know...

There's been a bug logged with BugTraq claiming that Pegasus Mail
has a remote buffer overflow vulnerability.

The gist of the report is that if you can get a Pegasus Mail user to
connect to a specially compromised POP3 server, and the server sends a
particularly long error response immediately upon connection, the copy of
Pegasus Mail will crash (or can theoretically be compromised).

I have confirmed and fixed this problem, although I regard it as a very
low-risk vulnerability, simply because of the hoops a villain would have
to go through to be able to use it.

Cheers!

-- David --"
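A defensive counterpart to the report described above, as an added example that is not part of the original posts and is not Pegasus Mail's code or its actual fix: a POP3 client can parse the server's first status line with fixed bounds, so an oversized `-ERR` response is rejected or truncated instead of overrunning a buffer. The function name `pop3_parse_status`, the status enum and the caller-supplied message buffer are assumptions made for illustration; the 512-octet line limit comes from RFC 1939.

```c
#include <stddef.h>
#include <string.h>

/* RFC 1939: a response line is at most 512 octets, CRLF included. */
#define POP3_MAX_LINE 512

enum pop3_status { POP3_OK, POP3_ERR, POP3_NEED_MORE, POP3_TOO_LONG, POP3_MALFORMED };

/*
 * Hypothetical helper: parse the first status line in `in` (in_len bytes
 * received so far). On POP3_OK / POP3_ERR the text after the indicator is
 * copied into `msg`, truncated to msg_cap - 1 bytes and NUL-terminated.
 */
enum pop3_status pop3_parse_status(const char *in, size_t in_len,
                                   char *msg, size_t msg_cap)
{
    size_t limit = in_len < POP3_MAX_LINE ? in_len : POP3_MAX_LINE;
    const char *lf = memchr(in, '\n', limit);
    size_t line_len, skip, n;
    enum pop3_status st;
    if (msg_cap > 0) msg[0] = '\0';
    if (lf == NULL)     /* no terminator yet: wait, or give up at the cap */
        return in_len >= POP3_MAX_LINE ? POP3_TOO_LONG : POP3_NEED_MORE;
    line_len = (size_t)(lf - in);
    if (line_len == 0 || in[line_len - 1] != '\r')
        return POP3_MALFORMED;
    line_len--;                                   /* drop the CR */
    if (line_len >= 3 && memcmp(in, "+OK", 3) == 0) {
        st = POP3_OK; skip = 3;
    } else if (line_len >= 4 && memcmp(in, "-ERR", 4) == 0) {
        st = POP3_ERR; skip = 4;
    } else {
        return POP3_MALFORMED;
    }
    if (skip < line_len) {                        /* optional " text" */
        if (in[skip] != ' ')
            return POP3_MALFORMED;
        skip++;
    }
    if (msg_cap > 0) {
        n = line_len - skip;
        if (n > msg_cap - 1)
            n = msg_cap - 1;                      /* truncate, never overrun */
        memcpy(msg, in + skip, n);
        msg[n] = '\0';
    }
    return st;
}
```

A caller would close the connection on `POP3_TOO_LONG` or `POP3_MALFORMED` rather than keep reading from the server.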


Saw this on the SecurityFocus web site this morning:

http://www.securityfocus.com/archive/1/507377

Application: Pegasus Mail Client
Pegasus Mail 4.51.(win32)
Platforms: Windows XP Professional SP2

Exploitation: remote BoF

Date: 2009-10-06

Author: Francis Provencher (Protek Research Lab's)

