Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [lucid () TERRA NEBULA ORG: qpop3.0b20 and below - notes and exploit]
From: qpopper () QUALCOMM COM (Qpopper Support)
Date: Wed, 1 Dec 1999 16:11:01 -0800


All reported buffer overruns are fixed in qpopper3.0b22, which is
available at <ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>.

In addition, other users of '%s' were examined and limited applied to
some which could theoretically cause a crash.

 Message-ID:  <Pine.LNX.4.10.9911301500310.26891-200000 () terra nebula org>
 Date:         Tue, 30 Nov 1999 15:25:25 -0500
 Reply-To: Lucid Solutions <lucid () TERRA NEBULA ORG>
 Sender: Bugtraq List <BUGTRAQ () SECURITYFOCUS COM>
 From: Lucid Solutions <lucid () TERRA NEBULA ORG>
 Subject:      qpop3.0b20 and below - notes and exploit

      I found this overflow myself earlier this month.  Seems someone
 else recently found it before Qualcomm was able to issue a patch. The 2.x
 series is not vunlnerable because AUTH is not yet supported and the error
 returned by attempting to use AUTH does not call pop_msg() with any user
 input.

      There is also another overflow besides the AUTH overflow which can
 occur if a valid username and password are first entered also occuring in
 pop_msg().
 pop_get_subcommand.c contains this line near the bottom in qpopper3.0b20:
     pop_msg(p,POP_FAILURE,
             "Unknown command: \"%s %s\".",p->pop_command,p->pop_subcommand);



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]