| VID | 18031 |
| Severity | 40 |
| Port | 110 |
| Protocol | TCP |
| Class | Pop3 |
| Detailed Description | Qpopper is vulnerable to a buffer overflow attack. Qpopper is a POP3 mail server distributed by Qualcomm for Unix systems. A number of buffer overflows exist in versions of Qualcomm's qpopper program prior to 2.5. These make it possible for a remote attacker to execute arbitrary code on the server with root privileges. The vulnerability lies in the way qpopper handles user-supplied input for a number of POP commands, including, but not limited to, USER and PASS, as well as any line containing in excess of 1024 characters. References: http://www.iss.net/security_center/static/1890.php http://www.securityfocus.com/bid/133 |
| Recommendation | Upgrade to the latest version of Qpopper (4.0 or later), available from the Qualcomm Web site ("QUALCOMM's ftp site") at http://www.eudora.com/qpopper_general/#CURRENT |
| Related URL | CVE-1999-0006 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |