• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Qpopper Multiple Insecure File Handling Vulnerabilities

Qpopper is susceptible to multiple insecure file handling vulnerabilities. These issues are due to a failure of the application to properly drop superuser privileges when accessing certain files.

Qpopper also fails to properly set the process umask, potentially allowing it to create group or world writeable files.

Insufficient information is available at this time to properly describe the affects of these issues. It is conjectured that these issues may allow for local information disclosure, aiding in further attacks.