Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

qpopper < 3.0.1b2 EIUDL Arbitrary Command Execution



An attacker can gain an unprivileged shell on the remote system.


The system is using qpopper 2.53 (or newer in the 2.5x series). There is a problem in this server that allows users who have a pop account to gain a shell with the gid 'mail' by sending to themselves a specially crafted mail.


Upgrade to version 3.0.1b2 or higher.