[25314] in bugtraq
Re: QPopper 4.0.4 buffer overflow
daemon@ATHENA.MIT.EDU (J Mike Rollins)
Tue Apr 30 11:53:09 2002
Date: Tue, 30 Apr 2002 09:43:53 -0400 (EDT)
From: J Mike Rollins <rollins@wfu.edu>
To: bugtraq@securityfocus.com
In-Reply-To: <006d01c1e768$56cc01f0$7507b33e@luscinia>
Message-ID: <Pine.A41.4.44.0204300933470.54734-100000@f1n11.spenet.wfu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
> Affected versions 4.0.3 and 4.0.4. default install.
> Servers, not processing user`s configuration file
> (~/.qpopper-options) are insensible to this bug.
Our testing has shown that you must use the -u parameter to be susceptible
to this vulnerability.
If you don't use the -u parameter for qpopper this file is not accessed.
You can use the -d parameter to view the debug output to verify this.
Mike
UNIX Systems Administrator at Wake Forest University.
======================================================================
J. Mike Rollins rollins@wfu.edu
Wake Forest University http://www.wfu.edu/~rollins
Winston-Salem, NC work: (336) 758-1938
======================================================================
