I successfully managed to execute arbitrary code using the 'mdef'-command with the binary in the most recent debian-package 'qpopper-4.0.4-8'
Our Qube3 appears to be running qpopper-3.0.2. Are there (m)any RaQs running newer versions? How would we find out if it affects the older versions?
pjm
_______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
