|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
A remote overflow exists in Mail Notification. Mail Notification fails to perform sufficient input validation in POP3 code resulting in a stack overflow. Using a malformed STAT reply, an attacker can execute arbitrary code with privileges of the user running Mail Notification resulting in a loss of integrity. Note: To successfully exploit this vulnerability the attacker must first hijack the connection between Mail Notification and the POP3 server.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 0.4.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Do not monitor a POP3 mailbox. If you want to ensure that the faulty code will not be used, reinstall Mail Notification using the following
commands:
$ ./configure --disable-pop3
$ make
$ make install
|
|
Products |
|
Mail Notification
 |
0.3.0 |
0.3.1 |
0.3.2 |
0.3.3 |
0.3.4 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
