Signature Detail

POP3 Buffer Overflow - BSD x86 (1)

This signature detects attempts to exploit the user name routine vulnerability in POP3 running on BSD. Attackers can craft a malicious username causing a buffer overflow, which could allow the execution of arbitrary commands with increasing privilege levels.

Extended Description

A number of buffer-overflow issues reside in versions prior to 2.5 of Qualcomm's 'qpopper' program. Exploiting this issue allows a remote attacker to execute arbitrary commands on hosts that are running a vulnerable version. To determine if you are vulnerable, telnet to port 110 on the possibly vulnerable host. A banner appears, informing you of the version of the pop server. For example: % telnet yourmailhost.your.domain.com 110 Trying 123.123.123.123 Connected to mailhost +OK QPOP (version 2.4) at yourmailhost.your.domain.com starting If any version prior to 2.5 is reported, including 2.5 beta, you should upgrade immediately to the latest version.

Affected Products

• Qualcomm qpopper 2.4.0

References

• BugTraq: 133
• CERT: CA-1998-08
• CVE: CVE-1999-0006
• URL: http://www.securityfocus.com/advisories/261
• URL: http://www.eudora.com/download/eudora/qpopper/4.0/free/final/Qpopper.pdf
• URL: http://www.securiteam.com/unixfocus/5PP070A75K.html