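Vulnerability Details
Qpopper Remote Memory Corruption Vulnerability
Vulnerability Summary
The pop_msg function in Qpopper 4.0.x versions before 4.0.5fc2 does not null-terminate the message buffer after the call to Qvsnprintf. An authenticated user can execute arbitrary code through a buffer overflow triggered by an mdef command with an overly long macro name.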
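The defect class described above, as an added C example that is not Qpopper's code: `fmt_no_term` is a hypothetical stand-in for a bounded formatter that leaves a truncated buffer unterminated, and the buffer size and format string are constructed. It contrasts a caller that trusts the formatter with one that terminates the buffer itself.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_BUF 16 /* constructed size, kept small for the demonstration */

/* Hypothetical bounded formatter: on truncation it fills dst completely
 * and writes no '\0' (assumed behaviour, modelled on the advisory text). */
static int fmt_no_term(char *dst, size_t size, const char *fmt, ...) {
    char tmp[256];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(tmp, sizeof tmp, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    size_t len = (size_t)n < sizeof tmp ? (size_t)n : sizeof tmp - 1;
    if (len >= size) { memcpy(dst, tmp, size); return (int)size; }
    memcpy(dst, tmp, len + 1);
    return (int)len;
}

/* 1 if a terminator exists inside the buffer bounds, else 0. */
static int is_terminated(const char *buf, size_t size) {
    return memchr(buf, '\0', size) != NULL;
}

/* Defect pattern: the caller trusts the formatter to terminate. */
static int build_msg_unterminated(char *buf, size_t size, const char *name) {
    memset(buf, 'X', size); /* stand-in for stale, non-zero memory */
    fmt_no_term(buf, size, "macro %s", name); /* constructed format */
    return is_terminated(buf, size);
}

/* Hardened pattern: terminate explicitly after every bounded format. */
static int build_msg_terminated(char *buf, size_t size, const char *name) {
    memset(buf, 'X', size);
    fmt_no_term(buf, size, "macro %s", name);
    buf[size - 1] = '\0'; /* truncated output still ends inside buf */
    return is_terminated(buf, size);
}

int main(void) {
    char buf[MSG_BUF];
    const char *name = "a_very_long_macro_name"; /* constructed input */
    printf("trusting caller terminated: %d\n",
           build_msg_unterminated(buf, sizeof buf, name));
    printf("hardened caller terminated: %d\n",
           build_msg_terminated(buf, sizeof buf, name));
    return 0;
}
```

Any later string operation on the unterminated buffer reads past its end, which is why the explicit terminator belongs at the call site rather than being assumed from the formatter.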
Vulnerability Advisory
Sun have released a security update to address this issue in the RAQ XTR. Please see references section for further details. A fix is linked below.

SuSE has released a security advisory (SuSE-SA:2003:018) which contains fixes for this issue. Users are advised to upgrade as soon as possible.

Gentoo Linux have released an advisory that addresses this vulnerability (200303-12), users who are running net-mail/qpopper are advised to upgrade to qpopper-4.0.5 by issuing the following commands:

    emerge sync
    emerge qpopper
    emerge clean

Debian has released a security advisory (DSA-259-1) which contains fixes for this issue. Users are advised to upgrade as soon as possible.

Qpopper version 4.0.5fc2 contains fixes for this issue. The vendor has also reported that the final version of 4.0.5 is pending release, and will also contain the fixes for this issue.

*** Additional information has been released which puts in question the changes made in Qpopper version 4.0.5fc2. As a result, users who have updated Qpopper may still be affected by this issue. Further details are available in the references section.

Sun Cobalt RaQ XTR
- Sun RaQXTR-All-Security-1.0.1-16409.pkg http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security-1.0.1-16409.pkg
- Qualcomm Qpopper 4.0.5fc2 ftp://ftp.qualcomm.com/eudora/servers/unix/popper/beta/
- S.u.S.E. qpopper-4.0.3-178.i386.patch.rpm SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/qpopper-4.0.3-178.i386.patch.rpm
- S.u.S.E. qpopper-4.0.3-178.i386.rpm SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/qpopper-4.0.3-178.i386.rpm
- S.u.S.E. qpopper-4.0.3-178.src.rpm SuSE-8.0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/qpopper-4.0.3-178.src.rpm
- Debian qpopper-drac_4.0.4-2.woody.3_alpha.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_alpha.deb
- Debian qpopper-drac_4.0.4-2.woody.3_arm.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_arm.deb
- Debian qpopper-drac_4.0.4-2.woody.3_hppa.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_hppa.deb
- Debian qpopper-drac_4.0.4-2.woody.3_i386.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_i386.deb
- Debian qpopper-drac_4.0.4-2.woody.3_ia64.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_ia64.deb
- Debian qpopper-drac_4.0.4-2.woody.3_m68k.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_m68k.deb
- Debian qpopper-drac_4.0.4-2.woody.3_mips.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_mips.deb
- Debian qpopper-drac_4.0.4-2.woody.3_mipsel.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_mipsel.deb
- Debian qpopper-drac_4.0.4-2.woody.3_powerpc.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_powerpc.deb
- Debian qpopper-drac_4.0.4-2.woody.3_s390.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_s390.deb
- Debian qpopper-drac_4.0.4-2.woody.3_sparc.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_sparc.deb
- Debian qpopper_4.0.4-2.woody.3_alpha.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_alpha.deb
- Debian qpopper_4.0.4-2.woody.3_arm.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_arm.deb
- Debian qpopper_4.0.4-2.woody.3_hppa.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_hppa.deb
- Debian qpopper_4.0.4-2.woody.3_i386.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_i386.deb
- Debian qpopper_4.0.4-2.woody.3_ia64.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_ia64.deb
- Debian qpopper_4.0.4-2.woody.3_m68k.deb Debian 3.0 (stable) http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_m68k.deb
- Debian qpopper_4.0.4-2.woody.3_mips.deb Debian 3.0 (stable)
References
- Source: BID; Name: 7058; Link: http://www.securityfocus.com/bid/7058
- Source: DEBIAN; Name: DSA-259; Link: http://www.debian.org/security/2003/dsa-259
- Source: XF; Name: qpopper-popmsg-macroname-bo(11516); Link: http://xforce.iss.net/xforce/xfdb/11516
- Source: BUGTRAQ; Name: 20030310 QPopper 4.0.x buffer overflow vulnerability; Link: http://marc.theaimsgroup.com/?l=bugtraq&m=104739841223916&w=2
- Source: SUSE; Name: SuSE-SA:2003:018; Link: http://www.novell.com/linux/security/advisories/2003_018_qpopper.html
- Source: GENTOO; Name: GLSA-200303-12; Link: http://marc.theaimsgroup.com/?l=bugtraq&m=104792541215354&w=2
- Source: BUGTRAQ; Name: 20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper); Link: http://marc.theaimsgroup.com/?l=bugtraq&m=104768137314397&w=2
- Source: BUGTRAQ; Name: 20030312 Re: QPopper 4.0.x buffer overflow vulnerability; Link: http://marc.theaimsgroup.com/?l=bugtraq&m=104748775900481&w=2
Affected Products
- Qualcomm Qpopper:4.0.4
- Qualcomm Qpopper:4.0.3
- Qualcomm Qpopper:4.0.2
- Qualcomm Qpopper:4.0.1
Patches
None available