qpopper < 3.0.1b2 EIUDL Arbitrary Command Execution
Medium Nessus Network Monitor Plugin ID 1784
SynopsisAn attacker can gain an unprivileged shell on the remote system.
DescriptionThe system is using qpopper 2.53 (or newer in the 2.5x series). There is a problem in this server that allows users who have a pop account to gain a shell with the gid 'mail' by sending to themselves a specially crafted mail.
SolutionUpgrade to version 3.0.1b2 or higher.