Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

qpopper < 3.0.1b2 EIUDL Arbitrary Command Execution

Medium

Synopsis

An attacker can gain an unprivileged shell on the remote system.

Description

The system is using qpopper 2.53 (or newer in the 2.5x series). There is a problem in this server that allows users who have a pop account to gain a shell with the gid 'mail' by sending to themselves a specially crafted mail.

Solution

Upgrade to version 3.0.1b2 or higher.