Qualcomm qpopper Username Buffer Overflow Vulnerability

Qualcomm popper, or 'qpopper', is a POP3 server, enabling POP3 clients to read and download mail.

In version 4, a buffer overflow vulnerability was introduced into the qpopper source tree. This buffer overflow is related to handling of the client-supplied username and is present when a POP3 session is being initiated.

It is believed that the overflow occurs before authentication, so it may not be required that users have valid POP accounts.

This vulnerability can lead to a compromise of root privileges to remote attackers.


Privacy Statement
Copyright 2010, SecurityFocus