
qpopper Options File Buffer Overflow

Critical

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote qpopper server, according to its banner, is running version 4.0.3 or version 4.0.4. These versions are vulnerable to a buffer overflow if they are configured to allow the processing of a user's ~/.qpopper-options file. A local user can cause a buffer overflow by setting the bulldir variable to a value longer than 256 characters.

*** This test could not confirm the existence of the problem - it relied on the banner being returned. ***
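An added example (not part of the original advisory or of qpopper's code): a defensive audit that flags any user's ~/.qpopper-options file whose bulldir value is longer than the 256 characters mentioned above. The `set bulldir = value` syntax, the function names and the sample home directories are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

BULLDIR_LIMIT = 256  # length threshold stated in the advisory

# Assumed syntax: optional "set", the option name, "=" or whitespace, then the value.
BULLDIR_RE = re.compile(r'^\s*(?:set\s+)?bulldir\s*(?:=|\s)\s*(.*?)\s*$', re.IGNORECASE)

def overlong_bulldir(text, limit=BULLDIR_LIMIT):
    """Return (line_number, length) for every bulldir value longer than limit."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        match = BULLDIR_RE.match(line)
        if match:
            value = match.group(1).strip('"\'')
            if len(value) > limit:
                findings.append((number, len(value)))
    return findings

def audit_homes(home_root, filename=".qpopper-options"):
    """Scan each directory under home_root for an options file with an overlong bulldir."""
    report = {}
    for options in sorted(Path(home_root).glob(f"*/{filename}")):
        try:
            text = options.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        hits = overlong_bulldir(text)
        if hits:
            report[options.parent.name] = hits
    return report

def demo():
    """Build two constructed home directories and audit them."""
    with tempfile.TemporaryDirectory() as root:
        for user, value in (("alice", "/var/spool/bulls"), ("mallory", "A" * 300)):
            home = Path(root) / user
            home.mkdir()
            (home / ".qpopper-options").write_text(
                f"# constructed sample\nset bulldir = {value}\n")
        return audit_homes(root)

if __name__ == "__main__":
    print(demo())
```

Point `audit_homes` at the real home directory root (for example `/home`) on a host where user option files are enabled.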

Solution

Upgrade to the latest version, or disable processing of user option files.