[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] QPopper 4.0.x buffer overflow vulnerability
- Subject: RE: [cobalt-security] QPopper 4.0.x buffer overflow vulnerability
- From: webmaster <webmaster@xxxxxxxxx>
- Date: Thu, 13 Mar 2003 15:59:59 -0600
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> -----Original Message-----
> From: Parker Morse [mailto:morse@xxxxxxxxxxx]
> Sent: Wednesday, March 12, 2003 10:48 AM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-security] QPopper 4.0.x buffer overflow
> vulnerability
>
>
> On Wednesday, March 12, 2003, at 11:31 AM, Goade, Matthew
> forwarded from
> bugtraq:
> > I successfully managed to execute arbitrary code using the
> > 'mdef'-command with the binary in the most recent debian-package
> > 'qpopper-4.0.4-8'
>
> Our Qube3 appears to be running qpopper-3.0.2. Are there (m)any RaQs
> running newer versions? How would we find out if it affects the older
> versions?
>
> pjm
>
Has anyone confirmed that the RAQ2's are or are not affected by this vuln?
What about a 4.0.4+ package for the MIPS guys?