PT-2005-3928 · Qualcomm · Qpopper

Kcope

Published

2005-09-28

Updated

2011-03-08

CVE-2005-3098

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Qualcomm qpopper version 4.0.8

Description The issue allows local users to modify arbitrary files and gain privileges. This is achieved via the command line argument, specifically the -t option for specifying a trace file.

Recommendations For version 4.0.8, avoid using the -t command line argument to minimize the risk of exploitation. Consider restricting access to the poppassd service until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3098

Affected Products

Qpopper

PT-2005-3928 · Qualcomm · Qpopper

CVE-2005-3098

Related Identifiers

Affected Products

References · 7