Bugtraq mailing list archives
Re: QPopper 4.0.x buffer overflow vulnerability
From: Florian Heinz <heinz () cronon-ag de>
Date: Wed, 12 Mar 2003 05:05:41 +0100
On Tue, Mar 11, 2003 at 07:05:51PM -0800, Randall Gellens wrote:
The first I heard of the problem was this morning. Was any notice sent to qpopper-bugs () qualcomm com or qpopper-patches () qualcomm com in advance of the posting here? If so, please let me know the details so I can see what happened to the message. If not, I'd like to know why.
The cause for this bug is already identified and the fix is really simple, I didn't see a reason to delay the post. It wasn't my intention to cause you trouble, if I did so, I'm sorry. I had bad experience informing vendors in the past, so I skipped that in this case. For example, some time ago I reported the (non-exploitable) bug in pop_msg.c, line 254f.: free(local_element.mdef_macro); /* From strdup */ return pop_msg(p, POP_SUCCESS, HERE, "Macro \"%s\" accepted", local_element.mdef_macro); and I didn't get a reply. Perhaps you want to fix this flaw too, in fc2. regards, Florian Heinz
Current thread:
- QPopper 4.0.x buffer overflow vulnerability Florian Heinz (Mar 11)
- Re: QPopper 4.0.x buffer overflow vulnerability Torsten Mueller (Mar 12)
- Re: QPopper 4.0.x buffer overflow vulnerability Florian Heinz (Mar 12)
- Re: QPopper 4.0.x buffer overflow vulnerability Randall Gellens (Mar 12)
- Re: QPopper 4.0.x buffer overflow vulnerability Florian Heinz (Mar 12)
- Re: QPopper 4.0.x buffer overflow vulnerability Harald Hellmuth (Mar 13)
- Re: QPopper 4.0.x buffer overflow vulnerability Jaroslaw Zachwieja (Mar 12)
- RE: QPopper 4.0.x buffer overflow vulnerability Jonathan A. Zdziarski (Mar 12)
- <Possible follow-ups>
- Re: QPopper 4.0.x buffer overflow vulnerability Jonas Frey (Mar 11)
- Re: QPopper 4.0.x buffer overflow vulnerability Torsten Mueller (Mar 12)