Published: 18/03/2003 Updated: 10/10/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The pop_msg function in qpopper 4.0.x prior to 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qualcomm qpopper 4.0.4
qualcomm qpopper 4.0.2
qualcomm qpopper 4.0.3
qualcomm qpopper 4.0.1

Florian Heinz heinz@cronon-agde posted to the Bugtraq mailing list an exploit for qpopper based on a bug in the included vsnprintf implementation The sample exploit requires a valid user account and password, and overflows a string in the pop_msg() function to give the user "mail" group privileges and a shell on the system Since the Qvsnprintf f ...

source: wwwsecurityfocuscom/bid/7058/info A memory corruption vulnerability has been discovered in Qpopper version 404 and earlier The vulnerability occurs when calling the 'mdef' command and a malicious macro name is supplied By filling a target buffer with a malicious macro name it may be possible to trigger a procedure that would ...

NVD-CWE-Other http://www.debian.org/security/2003/dsa-259 http://www.securityfocus.com/bid/7058 http://www.novell.com/linux/security/advisories/2003_018_qpopper.html http://marc.info/?l=bugtraq&m=104792541215354&w=2 http://marc.info/?l=bugtraq&m=104748775900481&w=2 http://marc.info/?l=bugtraq&m=104768137314397&w=2 http://marc.info/?l=bugtraq&m=104739841223916&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/11516 https://nvd.nist.gov https://www.debian.org/security/./dsa-259 https://www.exploit-db.com/exploits/22342/

CVE-2003-0143

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect