BugTraq
QPopper 4.0.x buffer overflow vulnerability Mar 10 2003 02:31PM
Florian Heinz (heinz cronon-ag de) (3 replies)
Re: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 01:19PM
Jaroslaw Zachwieja (grok tnt pl) (1 replies)
RE: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 05:03PM
Jonathan A. Zdziarski (jonathan networkdweebs com)
Re: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 09:33AM
Torsten Mueller (torsten archesoft de) (1 replies)
Re: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 09:55AM
Florian Heinz (heinz cronon-ag de)
Re: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 03:05AM
Randall Gellens (rg_public 1 flagg qualcomm com) (2 replies)
Re: QPopper 4.0.x buffer overflow vulnerability Mar 13 2003 07:12AM
Harald Hellmuth (hh hostserver de)
Re: QPopper 4.0.x buffer overflow vulnerability Mar 12 2003 04:05AM
Florian Heinz (heinz cronon-ag de)
On Tue, Mar 11, 2003 at 07:05:51PM -0800, Randall Gellens wrote:
> The first I heard of the problem was this morning. Was any notice
> sent to qpopper-bugs (at) qualcomm (dot) com [email concealed] or qpopper-patches (at) qualcomm (dot) com [email concealed] in
> advance of the posting here? If so, please let me know the details
> so I can see what happened to the message. If not, I'd like to know
> why.

The cause for this bug is already identified and the fix is really
simple, I didn't see a reason to delay the post. It wasn't my intention
to cause you trouble, if I did so, I'm sorry. I had bad experience
informing vendors in the past, so I skipped that in this case.
For example, some time ago I reported the (non-exploitable) bug in
pop_msg.c, line 254f.:
free(local_element.mdef_macro); /* From strdup */
return pop_msg(p, POP_SUCCESS, HERE, "Macro \"%s\" accepted",
local_element.mdef_macro);
and I didn't get a reply. Perhaps you want to fix this flaw too, in fc2.

regards,

Florian Heinz

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus