All reported buffer overruns are fixed in qpopper3.0b22, which is
available at <ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>.

In addition, other users of '%s' were examined and limits applied to
some which could theoretically cause a crash.

>  Message-ID:  <[EMAIL PROTECTED]>
>  Date:         Tue, 30 Nov 1999 15:25:25 -0500
>  Reply-To: Lucid Solutions <[EMAIL PROTECTED]>
>  Sender: Bugtraq List <[EMAIL PROTECTED]>
>  From: Lucid Solutions <[EMAIL PROTECTED]>
>  Subject:      qpop3.0b20 and below - notes and exploit
>
>       I found this overflow myself earlier this month.  Seems someone
>  else recently found it before Qualcomm was able to issue a patch. The 2.x
>  series is not vulnerable because AUTH is not yet supported and the error
>  returned by attempting to use AUTH does not call pop_msg() with any user
>  input.
>
>       There is also another overflow besides the AUTH overflow which can
>  occur if a valid username and password are first entered also occurring in
>  pop_msg().
>  pop_get_subcommand.c contains this line near the bottom in qpopper3.0b20:
>      pop_msg(p,POP_FAILURE,
>              "Unknown command: \"%s %s\".",p->pop_command,p->pop_subcommand);
>
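
Added example, not part of either message and not qpopper's own code: a sketch of the two limits discussed in this thread, a length-checked formatter plus a precision cap on each '%s' that echoes client input. The function names, REPLY_BUF and MAX_ARG are hypothetical and chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define REPLY_BUF 64  /* assumed reply buffer size, small so truncation shows */
#define MAX_ARG   16  /* assumed cap on each echoed client-supplied field */

/* The overflow pattern is vsprintf(buf, fmt, ap) into a fixed buffer: the
 * output length is then decided by whoever supplies the '%s' arguments.
 * vsnprintf writes at most buflen bytes and always NUL-terminates.
 * Returns 0 if the reply fit, 1 if it was truncated, -1 on error. */
int reply_bounded(char *buf, size_t buflen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, buflen, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    return (size_t)n >= buflen;
}

/* Second layer: "%.*s" caps each field, so the reply has a fixed worst-case
 * length (18 + 16 + 1 + 16 + 2 = 53 bytes) regardless of what was sent. */
int unknown_command_reply(char *buf, size_t buflen,
                          const char *cmd, const char *subcmd)
{
    return reply_bounded(buf, buflen, "Unknown command: \"%.*s %.*s\".",
                         MAX_ARG, cmd, MAX_ARG, subcmd);
}

int main(void)
{
    char big[201], buf[REPLY_BUF];
    int truncated;

    memset(big, 'A', 200);   /* constructed oversized subcommand */
    big[200] = '\0';
    truncated = unknown_command_reply(buf, sizeof buf, "AUTH", big);
    printf("truncated=%d len=%zu reply=%s\n", truncated, strlen(buf), buf);
    return 0;
}
```

With only the length-checked formatter, an oversized field is cut off at the end of the buffer and the caller is told so; with the precision cap as well, the reply stays well-formed and never reaches the buffer limit.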
