remote system compromise in qpopper

ID SUSE-SA:2003:018
Type suse
Reporter Suse
Modified 2003-03-21T12:48:04


The Post-Office-Protocol- (POP-) Server qpopper (version 4) was vulnerable to a buffer overflow. The buffer overflow occurs after authentication has taken place. Therefore pop-users with a valid account can execute arbitrary code on the system running qpopper. Depending on the setup, the malicious code is run with higher privileges.