Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Qpopper 4.0.3 **** Fixes Buffer Overflow **** (fwd)
From: Florian Weimer <Florian.Weimer () RUS Uni-Stuttgart DE>
Date: 06 Jun 2001 00:02:56 +0200

Roman Drahtmueller <draht () suse de> writes:

We hope that this information is accurate. Version 4.0.2 is not on the ftp
server any more, and there is no patch from 4.0.2 to 4.0.3.
We currently feel handicapped in our efforts to check the code for the
changes wrt the buffer overflow.

Fortunately, there are mirrors.  The problem is that 4.0.2 discovered
the buffer overflow attempt, even logged it via syslog(), but failed
to actually truncate the string and copied the original one to a
buffer of bounded length.

However, I agree that removing the previous version and not providing
a diff is extremely counterproductive.

Florian Weimer                    Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]