icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

qpopper < 3.0.1b2 EIUDL Arbitrary Command Execution

Medium

Synopsis

An attacker can gain an unprivileged shell on the remote system.

Description

The system is using qpopper 2.53 (or newer in the 2.5x series). There is a problem in this server that allows users who have a pop account to gain a shell with the gid 'mail' by sending to themselves a specially crafted mail.

Solution

Upgrade to version 3.0.1b2 or higher.