Qpopper < 3.0.2 LIST Command Local Overflow

Medium Nessus Plugin ID 10197


Arbitrary code may be run on the remote server.


There is a vulnerability in the Qpopper 3.0b package that allows users with a valid account to gain a shell on the system


Upgrade to version 3.0.2 or newer

Plugin Details

Severity: Medium

ID: 10197

File Name: qpopper_list.nasl

Version: $Revision: 1.30 $

Type: remote

Family: Misc.

Published: 2000/01/27

Modified: 2014/05/26

Dependencies: 10870, 10185

Risk Information

Risk Factor: Medium


Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:C

Vulnerability Information

Required KB Items: pop3/login, pop3/password, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2000/01/26

Reference Information

CVE: CVE-2000-0096

BID: 948

OSVDB: 12483