PT-2003-1397 · Qpopper · Qpopper

Daniel Ahlberg · Published 2003-03-18 · Updated 2017-10-10 · CVE-2003-0143

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: qpopper versions 4.0.x through 4.0.5fc1
Description: The pop_msg function does not null-terminate a message buffer after calling Qvsnprintf. This could allow authenticated users to execute arbitrary code via a buffer overflow when using an mdef command with a long macro name.
Recommendations: For qpopper versions 4.0.x through 4.0.5fc1, update to version 4.0.5fc2 or later to resolve the issue.
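
The bug class in the description, as an added example that is not Qpopper's code: a caller that trusts a bounded formatter to terminate its buffer, next to a caller that terminates unconditionally. `fmt_no_nul`, the reply text, the buffer sizes and the sample input are assumptions constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in (assumption): fills dst with no NUL on truncation. */
static int fmt_no_nul(char *dst, size_t size, const char *fmt, ...)
{
    char tmp[256];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(tmp, sizeof tmp, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    size_t len = (size_t)n < sizeof tmp ? (size_t)n : sizeof tmp - 1;
    if (len < size) { memcpy(dst, tmp, len + 1); return (int)len; }
    memcpy(dst, tmp, size);            /* truncated: no NUL stored */
    return -1;
}

/* Unhardened caller: trusts the formatter to terminate buf. */
static void build_reply_unsafe(char *buf, size_t size, const char *name)
{
    fmt_no_nul(buf, size, "-ERR bad macro name %s", name);
}

/* Hardened caller: terminates unconditionally, then measures. */
static size_t build_reply_safe(char *buf, size_t size, const char *name)
{
    if (size == 0) return 0;
    fmt_no_nul(buf, size, "-ERR bad macro name %s", name);
    buf[size - 1] = '\0';
    return strlen(buf);
}

/* Bounded check for a NUL inside the buffer; never strlen() first. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

int main(void)
{
    const char *name = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed */
    char buf[32];
    memset(buf, 'X', sizeof buf);
    build_reply_unsafe(buf, sizeof buf, name);
    printf("unsafe terminated: %d\n", is_terminated(buf, sizeof buf));
    printf("safe length: %zu\n", build_reply_safe(buf, sizeof buf, name));
    return 0;
}
```

Any later `strlen` or append on the unterminated buffer would run past its end, which is why the hardened caller writes the terminator before measuring.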

Related Identifiers

CVE-2003-0143
DSA-259

Affected Products

Qpopper