[1503] in linux-security and linux-alert archive
[linux-security] Re: Is qpopper vulnerable?? Re: CERT Advisory CA-97.09 - Vulnerability in IMAP and POP
daemon@ATHENA.MIT.EDU (Edward Siewick)
Wed Apr 9 02:03:46 1997
From: esiewick@digipro.com (Edward Siewick)
To: linux-security@redhat.com
Date: Tue, 8 Apr 1997 11:00:15 -0400 (EDT)
In-Reply-To: <Pine.SUN.3.96.970407232421.18286B-100000@eskimo.com> from "Daniel Pewzner" at Apr 7, 97 11:33:35 pm
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Daniel Pewzner & Co.,
> I've got qualcomm's qpopper2.2, and am not sure if its vulnerable. The
>advisory mentions pop and imap servers, but only says:
>
> version of IMAP (Section B). If your POP server is based on the
> University of Washington IMAP server code, you should also upgrade to
> the latest version of IMAP. Until you can take one of these actions,
>
>I installed the new imapd about 3 weeks ago. I'm just uptight that the
>qualcomm qpopper may be vulnerable too. Has anyone with the ability to
>disect the code taken a good look? Thanks, Dan
The answer I received from QualComm's Praveen Yaramada was:
>qpopper is NOT prone to the problem specified in CA-97.09.
>
>>You've probably been asked this a few times already. But is qpop
>>vulnerable to the "buffer overflow" problem described in today's CERT
>>Advisory CA-97.09 concerning imapd, ipop2d, and ipop3d?
>
>Thanks for the quick reply. You might want to send a quick note to CERT
>asking them to add a reference to qpopper to their advisory. It might
>prevent your seeing a lot more of these notes. Just a thought.
Edward Siewick
--
ESiewick@DigiPro.com DigiPro Digital Productions, LLC
Voice: 703-522-8465 3100 North Quincy Street
Fax: 703-522-8417 Arlington, Virginia 22207