PT-2001-2575 · Qualcomm · Qpopper

Published

2001-12-31

Updated

2017-07-11

CVE-2001-1487

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Qualcomm Qpopper versions 4.0 and earlier

Description The issue allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option.

Recommendations For Qualcomm Qpopper versions 4.0 and earlier, consider removing the -trace file option or restricting its use to prevent symlink attacks until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1487

Affected Products

Qpopper

PT-2001-2575 · Qualcomm · Qpopper

CVE-2001-1487

Related Identifiers

Affected Products

References · 4