Re: [cobalt-security] QPopper 4.0.x buffer overflow vulnerability

Subject: Re: [cobalt-security] QPopper 4.0.x buffer overflow vulnerability
From: Parker Morse <morse@xxxxxxxxxxx>
Date: Wed, 12 Mar 2003 11:48:29 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Wednesday, March 12, 2003, at 11:31 AM, Goade, Matthew forwarded frombugtraq:

I successfully managed to execute arbitrary code using the
'mdef'-command with the binary in the most recent debian-package
'qpopper-4.0.4-8'

Our Qube3 appears to be running qpopper-3.0.2. Are there (m)any RaQsrunning newer versions? How would we find out if it affects the olderversions?

pjm

Follow-Ups:
- Re: [cobalt-security] QPopper 4.0.x buffer overflow vulnerability
  - From: paul jacobs

References:
- [cobalt-security] QPopper 4.0.x buffer overflow vulnerability
  - From: Goade, Matthew

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index