All reported buffer overruns are fixed in qpopper3.0b22, which is available at <ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>. In addition, other users of '%s' were examined and limited applied to some which could theoretically cause a crash. > Message-ID: <Pine.LNX.4.10.9911301500310.26891-200000at_private> > Date: Tue, 30 Nov 1999 15:25:25 -0500 > Reply-To: Lucid Solutions <lucidat_private> > Sender: Bugtraq List <BUGTRAQat_private> > From: Lucid Solutions <lucidat_private> > Subject: qpop3.0b20 and below - notes and exploit > > I found this overflow myself earlier this month. Seems someone > else recently found it before Qualcomm was able to issue a patch. The 2.x > series is not vunlnerable because AUTH is not yet supported and the error > returned by attempting to use AUTH does not call pop_msg() with any user > input. > > There is also another overflow besides the AUTH overflow which can > occur if a valid username and password are first entered also occuring in > pop_msg(). > pop_get_subcommand.c contains this line near the bottom in qpopper3.0b20: > pop_msg(p,POP_FAILURE, > "Unknown command: \"%s %s\".",p->pop_command,p->pop_subcommand); >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:16:28 PDT