Re: QPopper 4.0.4 buffer overflow

From: J Mike Rollins (rollinsat_private)
Date: Tue Apr 30 2002 - 06:43:53 PDT

Next message: Peter Gründl: "KPMG-2002016: Bea Weblogic incorrect URL parsing issues"

Previous message: GreyMagic Software: "Reading local files in Netscape 6 and Mozilla (GM#001-NS)"
In reply to: Bronek Kozicki: "Re: List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Affected versions 4.0.3 and 4.0.4. default install.
> Servers, not processing user`s configuration file
> (~/.qpopper-options) are insensible to this bug.

Our testing has shown that you must use the -u parameter to be susceptible
to this vulnerability.

If you don't use the -u parameter for qpopper this file is not accessed.

You can use the -d parameter to view the debug output to verify this.

Mike

      UNIX Systems Administrator at Wake Forest University.
======================================================================
          J. Mike Rollins              rollinsat_private
     Wake Forest University     http://www.wfu.edu/~rollins
        Winston-Salem, NC            work: (336) 758-1938
======================================================================

Next message: Peter Gründl: "KPMG-2002016: Bea Weblogic incorrect URL parsing issues"
Previous message: GreyMagic Software: "Reading local files in Netscape 6 and Mozilla (GM#001-NS)"
In reply to: Bronek Kozicki: "Re: List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 30 2002 - 08:38:51 PDT