Qualcomm POP Server Buffer Overflow Vulnerability

Several buffer-overflow issues exist in versions of Qualcomm's 'qpopper' program prior to 2.5. Exploiting them allows a remote attacker to execute arbitrary commands on hosts that are running a vulnerable version.

To determine whether you are vulnerable, telnet to port 110 on the possibly vulnerable host. A banner appears, reporting the version of the POP server. For example:

% telnet yourmailhost.your.domain.com 110
Trying 123.123.123.123
Connected to mailhost
+OK QPOP (version 2.4) at yourmailhost.your.domain.com starting

If any version prior to 2.5 is reported, including 2.5 beta, you should upgrade immediately to the latest version.
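The banner check above can be scripted when you have more than a few mail hosts of your own to inventory. This is an added example, not part of the original advisory; the function names, the result labels, the sample banners other than the 2.4 one, and the choice to read the minor number as a decimal fraction (so 2.41 sorts before 2.5) are assumptions.

```python
import re
import socket

# Banner shape taken from the advisory's example: "+OK QPOP (version 2.4) at ..."
BANNER_RE = re.compile(r"^\+OK\s+QPOP\s+\(version\s+([^)]+)\)", re.IGNORECASE)
VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(.*)$")
FIXED = (2, "5")  # first version the advisory does not list as affected


def classify_banner(banner):
    """Return 'vulnerable', 'not-flagged', 'not-qpopper' or 'unknown-version'."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "not-qpopper"
    v = VERSION_RE.match(m.group(1).strip())
    if not v:
        return "unknown-version"
    major, minor, suffix = int(v.group(1)), v.group(2) or "0", v.group(3).lower()
    # Assumption: minor digits are a decimal fraction, so pad before comparing.
    width = max(len(minor), len(FIXED[1]))
    have = (major, minor.ljust(width, "0"))
    want = (FIXED[0], FIXED[1].ljust(width, "0"))
    if have < want or (have == want and "beta" in suffix):
        return "vulnerable"  # the advisory counts 2.5 beta as affected
    return "not-flagged"


def read_banner(host, port=110, timeout=5.0):
    """Fetch the POP3 greeting line from a host you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.makefile("r", encoding="latin-1").readline()


if __name__ == "__main__":
    # Constructed sample banners; only the first appears in the advisory.
    for line in (
        "+OK QPOP (version 2.4) at yourmailhost.your.domain.com starting",
        "+OK QPOP (version 2.5 beta) at yourmailhost.your.domain.com starting",
        "+OK QPOP (version 2.5) at yourmailhost.your.domain.com starting",
        "+OK POP3 server ready",
    ):
        print(classify_banner(line), "<-", line)
```

A "not-flagged" result only means the banner does not match this advisory's version range; a host whose banner has been altered or hidden still needs its installed version checked directly.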


 

Copyright 2010, SecurityFocus