Bugtraq mailing list archives
Re: QPopper 4.0.4 buffer overflow
From: J Mike Rollins <rollins () wfu edu>
Date: Tue, 30 Apr 2002 09:43:53 -0400 (EDT)
Affected versions 4.0.3 and 4.0.4. default install. Servers, not processing user`s configuration file (~/.qpopper-options) are insensible to this bug.
Our testing has shown that you must use the -u parameter to be susceptible
to this vulnerability.
If you don't use the -u parameter for qpopper this file is not accessed.
You can use the -d parameter to view the debug output to verify this.
Mike
UNIX Systems Administrator at Wake Forest University.
======================================================================
J. Mike Rollins rollins () wfu edu
Wake Forest University http://www.wfu.edu/~rollins
Winston-Salem, NC work: (336) 758-1938
======================================================================
Current thread:
- List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020 Toni Lassila (Apr 19)
- Re: List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020 Bronek Kozicki (Apr 19)
- Re: QPopper 4.0.4 buffer overflow J Mike Rollins (Apr 30)
- Re: List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020 Bronek Kozicki (Apr 19)