Qpopper Options Buffer Overflow Network Vulnerability

Summary

The remote qpopper server, according to its banner, is running version 4.0.3 or version 4.0.4. These versions are vulnerable to a buffer overflow if they are configured to allow the processing of a user's ~/.qpopper-options file. A local user can cause a buffer overflow by setting the bulldir variable to something longer than 256 characters. *** This test could not confirm the existence of the *** problem - it relied on the banner being returned.

Solution

Upgrade to the latest version, or disable processing of user option files.

Severity

Classification

CVE CVE-2001-1046
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ChaSen Buffer Overflow Vulnerability (Windows)
Audacity Buffer Overflow Vulnerability (Win)
Bopup Communication Server Remote Buffer Overflow Vulnerability
Becky! Internet Mail Buffer Overflow Vulnerability
CursorArts ZipWrangler 'ZIP Processing' Buffer Overflow Vulnerability

qpopper options buffer overflow

Take action and discover your vulnerabilities