
Qualcomm qpopper Remote Buffer Overflow Vulnerability

Solution:
The newest version, qpopper3.0b22 (which is patched), is available at:

ftp://ftp.qualcomm.com/eudora/servers/unix/popper/

This is a temporary patch, provided by Mixter <mixter@newyorkoffice.com> in his post to BugTraq.
# apply this in the qpopper3.0b20/popper/ directory with patch < qp3b20.patch
--- pop_msg.c.old Mon Nov 29 23:42:03 1999
+++ pop_msg.c Mon Nov 29 23:52:08 1999
@@ -65,7 +65,7 @@
/* Append the message (formatted, if necessary) */
if (format) {
#ifdef HAVE_VPRINTF
- vsprintf(mp,format,ap);
+ vsnprintf(mp,MAXLINELEN - 100, format,ap);
#else
# ifdef PYRAMID
arg1 = va_arg(ap, char *);
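Review bot: In the HAVE_VPRINTF branch, the limit passed to vsnprintf is the constant MAXLINELEN - 100, which takes no account of where mp currently points. The comment says the message is appended, so mp may already be past the start of the buffer, and the 100-byte margin is unexplained. The hunk does not show the buffer declaration, so it cannot be confirmed from these lines that the margin is sufficient. Suggest computing the limit as the space remaining between mp and the end of the buffer, and checking the return value so that truncation is detected. The guard is also still HAVE_VPRINTF, so a platform that has vprintf but lacks vsnprintf would no longer build.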
@@ -74,9 +74,9 @@
arg4 = va_arg(ap, char *);
arg5 = va_arg(ap, char *);
arg6 = va_arg(ap, char *);
- (void)sprintf(mp,format, arg1, arg2, arg3, arg4, arg5, arg6);
+ (void)sprintf(mp,MAXLINELEN - 100, format, arg1, arg2, arg3, arg4, arg5, arg6);
# else
- (void)sprintf(mp,format,((int *)ap)[0],((int *)ap)[1],((int *)ap)[2],
+ (void)sprintf(mp,MAXLINELEN - 100, format,((int *)ap)[0],((int *)ap)[1],((int *)ap)[2],
((int *)ap)[3],((int *)ap)[4]);
# endif
#endif
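Review bot: Both replacement lines in the non-HAVE_VPRINTF branches still call sprintf, which takes no size argument, so MAXLINELEN - 100 lands in the format-string position and format becomes the first variadic argument. These fallback paths therefore remain unbounded, and they now pass an integer where a char * format is expected, which is undefined behaviour. Suggest changing both calls to snprintf with the same remaining-space limit used in the vsnprintf branch, or bounding the output another way on platforms without snprintf.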








 

Copyright 2009, SecurityFocus