Qpopper pop_msg.c AUTH Overflow

1999-11-30T00:00:00
ID OSVDB:6992
Type osvdb
Reporter Lucid Solutions(lucid@terra.nebula.org), Mixter(mixter@newyorkoffice.com)
Modified 1999-11-30T00:00:00

Description

Vulnerability Description

A remote overflow exists in Qpopper. The Qpopper fails to check the boundary in "pop_msg.c" function, resulting in a buffer overflow. With a specially crafted request, a remote attacker can overflow a buffer and gain root privileges on the system, resulting in a loss of confidentiality and integrity.

Solution Description

Upgrade to version 3.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Qpopper. The Qpopper fails to check the boundary in "pop_msg.c" function, resulting in a buffer overflow. With a specially crafted request, a remote attacker can overflow a buffer and gain root privileges on the system, resulting in a loss of confidentiality and integrity.

References:

Vendor URL: http://qpopper.sourceforge.net/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q4/0135.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q4/0147.html ISS X-Force ID: 3677 CVE-1999-0822 Bugtraq ID: 830