The Post-Office-Protocol- (POP-) Server qpopper (version 4) was vulnerable to a buffer overflow. The buffer overflow occurs after authentication has taken place. Therefore pop-users with a valid account can execute arbitrary code on the system running qpopper. Depending on the setup, the malicious code is run with higher privileges.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 8.0 | i386 | qpopper | < 4.0.3-178 | qpopper-4.0.3-178.i386.rpm |
openSUSE | 8.1 | i586 | qpopper | < 4.0.4-133 | qpopper-4.0.4-133.i586.rpm |