Summary
The remote qpopper server, according to its banner, is running version 4.0.3 or version 4.0.4. These versions are vulnerable to a buffer overflow if they are configured to allow the processing of a user's ~/.qpopper-options file.
A local user can cause a buffer overflow by setting the bulldir variable to something longer than 256 characters.
*** This test could not confirm the existence of the problem - it relied on the banner being returned. ***
Solution
Upgrade to the latest version, or disable processing of user option files.
Severity
Classification
- CVE: CVE-2001-1046
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
- CursorArts ZipWrangler 'ZIP Processing' Buffer Overflow Vulnerability
- BaoFeng Storm '.smpl' File Buffer Overflow Vulnerability
- Adobe Reader Multimedia Doc.media.newPlayer Code Execution Vulnerability (Linux)
- Beatport Player '.m3u' File Buffer Overflow Vulnerability