[12822] in bugtraq
Re: [lucid@TERRA.NEBULA.ORG: qpop3.0b20 and below - notes and
daemon@ATHENA.MIT.EDU (Qpopper Support)
Thu Dec 2 15:03:04 1999
Mime-Version: 1.0
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Message-Id: <v04220823b46b683799c3@129.46.219.80>
Date: Wed, 1 Dec 1999 16:11:01 -0800
Reply-To: Qpopper Support <qpopper@QUALCOMM.COM>
From: Qpopper Support <qpopper@QUALCOMM.COM>
X-To: BUGTRAQ@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991201095403.A4292@funghi.com>
All reported buffer overruns are fixed in qpopper3.0b22, which is
available at <ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>.
In addition, other users of '%s' were examined and limited applied to
some which could theoretically cause a crash.
> Message-ID: <Pine.LNX.4.10.9911301500310.26891-200000@terra.nebula.org>
> Date: Tue, 30 Nov 1999 15:25:25 -0500
> Reply-To: Lucid Solutions <lucid@TERRA.NEBULA.ORG>
> Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
> From: Lucid Solutions <lucid@TERRA.NEBULA.ORG>
> Subject: qpop3.0b20 and below - notes and exploit
>
> I found this overflow myself earlier this month. Seems someone
> else recently found it before Qualcomm was able to issue a patch. The 2.x
> series is not vunlnerable because AUTH is not yet supported and the error
> returned by attempting to use AUTH does not call pop_msg() with any user
> input.
>
> There is also another overflow besides the AUTH overflow which can
> occur if a valid username and password are first entered also occuring in
> pop_msg().
> pop_get_subcommand.c contains this line near the bottom in qpopper3.0b20:
> pop_msg(p,POP_FAILURE,
> "Unknown command: \"%s %s\".",p->pop_command,p->pop_subcommand);
>
