OSVDB ID: 10565 Title: Mail Notification POP3 Malformed STAT Reply Overflow |
Info |
|
|
Dates |
||||
|
|
Description |
A remote overflow exists in Mail Notification. Mail Notification fails to perform sufficient input validation in POP3 code resulting in a stack overflow. Using a malformed STAT reply, an attacker can execute arbitrary code with privileges of the user running Mail Notification resulting in a loss of integrity. Note: To successfully exploit this vulnerability the attacker must first hijack the connection between Mail Notification and the POP3 server. |
Classification |
Location:
Remote/Network Access Required
Attack Type: Input Manipulation Impact: Loss of Integrity Exploit: Exploit Unknown Disclosure: OSVDB Verified |
Solution |
Upgrade to version 0.4.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Do not monitor a POP3 mailbox. If you want to ensure that the faulty code will not be used, reinstall Mail Notification using the following commands: $ ./configure --disable-pop3 $ make $ make install |
Products |
|
References |
|
Credit |
Unknown or Incomplete |