Test ID:	1.3.6.1.4.1.25623.1.0.11376
Category:	Gain a shell remotely
Title:	qpopper Qvsnprintf buffer overflow
Summary:	NOSUMMARY
Description:	Description: The remote qpopper server, according to its banner, is vulnerable to a one-byte overflow it its function Qvsnprintf(). An attacker may use this flaw to gain a (non-root) shell on this host, provided that he has a valid POP account to log in with. *** This test could not confirm the existence of the *** problem - it relied on the banner being returned. Solution : Upgrade to version 4.0.5cf2 or newer Risk factor : High
Cross-Ref:	BugTraq ID: 7058 Common Vulnerability Exposure (CVE) ID: CVE-2003-0143 http://www.securityfocus.com/bid/7058 Bugtraq: 20030310 QPopper 4.0.x buffer overflow vulnerability (Google Search) http://marc.info/?l=bugtraq&m=104739841223916&w=2 Bugtraq: 20030312 Re: QPopper 4.0.x buffer overflow vulnerability (Google Search) http://marc.info/?l=bugtraq&m=104748775900481&w=2 Bugtraq: 20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper) (Google Search) http://marc.info/?l=bugtraq&m=104768137314397&w=2 Debian Security Information: DSA-259 (Google Search) http://www.debian.org/security/2003/dsa-259 http://marc.info/?l=bugtraq&m=104792541215354&w=2 SuSE Security Announcement: SuSE-SA:2003:018 (Google Search) http://www.novell.com/linux/security/advisories/2003_018_qpopper.html XForce ISS Database: qpopper-popmsg-macroname-bo(11516) https://exchange.xforce.ibmcloud.com/vulnerabilities/11516
Copyright	This script is Copyright (C) 2003 Renaud Deraison

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.