BACKGROUND
Buffer overrun vulnerabilities have been discovered in the
Qpopper POP server for UNIX from Qualcomm, Inc.
SYSTEMS AFFECTED
All systems running Qpopper versions prior to 2.51.
PROBLEM
Several buffer overrun vulnerabilities have been discovered in
the Qpopper POP3 server freely available from Qualcomm, Inc.
Exploit code has been released to the Internet, and scans for the
vulnerability have been detected on NASA systems. As of now, it
appears that the vulnerability is not system-specific, and
exploit code for several architectures has been released.
RECOMMENDED ACTIONS
Administrators should disable access to Qpopper and upgrade to
version 2.51, released July 1, 1998. The updated source code is
available from:
ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper2.51.tar.Z
Kyle