remote system compromise in qpopper

2003-03-2112:48:04

lists.opensuse.org

0.012 Low

EPSS

Percentile

85.3%

JSON

The Post-Office-Protocol- (POP-) Server qpopper (version 4) was vulnerable to a buffer overflow. The buffer overflow occurs after authentication has taken place. Therefore pop-users with a valid account can execute arbitrary code on the system running qpopper. Depending on the setup, the malicious code is run with higher privileges.

OSVersionArchitecturePackageVersionFilename
openSUSE8.0i386qpopper< 4.0.3-178qpopper-4.0.3-178.i386.rpm
openSUSE8.1i586qpopper< 4.0.4-133qpopper-4.0.4-133.i586.rpm