• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Qpopper Remote Memory Corruption Vulnerability

Solution:
Sun have released a security update to address this issue in the RAQ XTR. Please see references section for further details. A fix is linked below.

SuSE has released a security advisory (SuSE-SA:2003:018) which contains fixes for this issue. Users are advised to upgrade as soon as possible.

Gentoo Linux have released an advisory that addresses this vulnerability (200303-12), users who are running net-mail/qpopper are advised to upgrade to qpopper-4.0.5 by issuing the following commands:

emerge sync
emerge qpopper
emerge clean

Debian has released a security advisory (DSA-259-1) which contains fixes for this issue. Users are advised to upgrade as soon as possible.

Qpopper version 4.0.5fc2 contains fixes for this issue. The vendor has also reported that the final version of 4.0.5 is pending release, and will also contain the fixes for this issue.

*** Additional information has been released which puts in question the changes made in Qpopper version 4.0.5fc2. As a result, users who have updated Qpopper may still be affected by this issue. Further details are available in the references section.


Sun Cobalt RaQ XTR

• Sun RaQXTR-All-Security-1.0.1-16409.pkg
  http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-16409.pkg

Qualcomm qpopper 4.0.1

• Qualcomm Qpopper 4.0.5fc2
  ftp://ftp.qualcomm.com/eudora/servers/unix/popper/beta/

Qualcomm qpopper 4.0.2

• Qualcomm Qpopper 4.0.5fc2
  ftp://ftp.qualcomm.com/eudora/servers/unix/popper/beta/

Qualcomm qpopper 4.0.3

• Qualcomm Qpopper 4.0.5fc2
  ftp://ftp.qualcomm.com/eudora/servers/unix/popper/beta/


• S.u.S.E. qpopper-4.0.3-178.i386.patch.rpm
  SuSE-8.0
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/qpopper-4.0.3-178.i386. patch.rpm


• S.u.S.E. qpopper-4.0.3-178.i386.rpm
  SuSE-8.0
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/qpopper-4.0.3-178.i386. rpm


• S.u.S.E. qpopper-4.0.3-178.src.rpm
  SuSE-8.0
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/qpopper-4.0.3-178.src. rpm

Qualcomm qpopper 4.0.4

• Debian qpopper-drac_4.0.4-2.woody.3_alpha.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4. 0.4-2.woody.3_alpha.deb


• Debian qpopper-drac_4.0.4-2.woody.3_arm.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4. 0.4-2.woody.3_arm.deb


• Debian qpopper-drac_4.0.4-2.woody.3_hppa.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4. 0.4-2.woody.3_hppa.deb


• Debian qpopper-drac_4.0.4-2.woody.3_i386.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4. 0.4-2.woody.3_i386.deb


• Debian qpopper-drac_4.0.4-2.woody.3_ia64.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4. 0.4-2.woody.3_ia64.deb


• Debian qpopper-drac_4.0.4-2.woody.3_m68k.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4. 0.4-2.woody.3_m68k.deb


• Debian qpopper-drac_4.0.4-2.woody.3_mips.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4. 0.4-2.woody.3_mips.deb


• Debian qpopper-drac_4.0.4-2.woody.3_mipsel.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4. 0.4-2.woody.3_mipsel.deb


• Debian qpopper-drac_4.0.4-2.woody.3_powerpc.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4. 0.4-2.woody.3_powerpc.deb


• Debian qpopper-drac_4.0.4-2.woody.3_s390.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4. 0.4-2.woody.3_s390.deb


• Debian qpopper-drac_4.0.4-2.woody.3_sparc.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4. 0.4-2.woody.3_sparc.deb


• Debian qpopper_4.0.4-2.woody.3_alpha.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2 .woody.3_alpha.deb


• Debian qpopper_4.0.4-2.woody.3_arm.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2 .woody.3_arm.deb


• Debian qpopper_4.0.4-2.woody.3_hppa.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2 .woody.3_hppa.deb


• Debian qpopper_4.0.4-2.woody.3_i386.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2 .woody.3_i386.deb


• Debian qpopper_4.0.4-2.woody.3_ia64.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2 .woody.3_ia64.deb


• Debian qpopper_4.0.4-2.woody.3_m68k.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2 .woody.3_m68k.deb


• Debian qpopper_4.0.4-2.woody.3_mips.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2 .woody.3_mips.deb


• Debian qpopper_4.0.4-2.woody.3_mipsel.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2 .woody.3_mipsel.deb


• Debian qpopper_4.0.4-2.woody.3_powerpc.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2 .woody.3_powerpc.deb


• Debian qpopper_4.0.4-2.woody.3_s390.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2 .woody.3_s390.deb


• Debian qpopper_4.0.4-2.woody.3_sparc.deb
  Debian 3.0 (stable)
  http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2 .woody.3_sparc.deb


• Qualcomm Qpopper 4.0.5fc2
  ftp://ftp.qualcomm.com/eudora/servers/unix/popper/beta/


• S.u.S.E. qpopper-4.0.4-133.i586.patch.rpm
  SuSE-8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/qpopper-4.0.4-133 .i586.patch.rpm


• S.u.S.E. qpopper-4.0.4-133.i586.rpm
  SuSE-8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/qpopper-4.0.4-133 .i586.rpm


• S.u.S.E. qpopper-4.0.4-133.src.rpm
  SuSE-8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/qpopper-4.0.4-133. src.rpm