[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] QPopper 4.0.x buffer overflow vulnerability
- Subject: RE: [cobalt-security] QPopper 4.0.x buffer overflow vulnerability
- From: "Goade, Matthew" <mgoade@xxxxxxxxxxxxxxx>
- Date: Wed, 12 Mar 2003 11:47:00 -0600
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I haven't had time to try it, our 4.0.4 may not even be vulnerable.
-----Original Message-----
From: paul jacobs [mailto:paul@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, March 12, 2003 11:31 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] QPopper 4.0.x buffer overflow
vulnerability
At 08:48 AM 3/12/2003, you wrote:
>On Wednesday, March 12, 2003, at 11:31 AM, Goade, Matthew forwarded from
>bugtraq:
>>I successfully managed to execute arbitrary code using the
>>'mdef'-command with the binary in the most recent debian-package
>>'qpopper-4.0.4-8'
>
>Our Qube3 appears to be running qpopper-3.0.2. Are there (m)any RaQs
>running newer versions? How would we find out if it affects the older versions?
>
>pjm
When do you think SUN Cobalt will have a fix for this one?.
Hopefully pkgmaster or solarspeed will have a fix sooner than SUN will.
>_______________________________________________
>cobalt-security mailing list
>cobalt-security@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-security
>
Best Regards,
Paul Jacobs / SR. Network Manager
Microsoft MCP 2000 / Cisco Certified
Design / Install / Troubleshoot / Optimize /
Security of WANs / LANs / Data Recovery
Mon. - Fri. 9AM - 5PM (619)336-1400
http://www.adv-data.com
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security