J-Security Center

Title: Qualcomm qpopper Username Buffer Overflow Vulnerability

Severity: CRITICAL

Description:

Qualcomm popper, or 'qpopper', is a POP3 server, enabling POP3 clients to read and download mail.

In version 4, a buffer overflow vulnerability was introduced into the qpopper source tree. The buffer overflow occurs when the server is processing the client-supplied username. The username is copied via strcpy() into another member of the pop session structure, which is allocated locally in the primary session function, qpopper().

strcpy() is an unsafe libc function. It is an unbounded memory copy: it copies bytes until it reaches the end of the source string and takes no argument for a maximum length. If the string is longer than the destination buffer, the excess data overwrites neighboring memory.
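The copy pattern described above next to a bounded replacement, as an added example that is not qpopper source code. The structure layout, the 64-byte field size and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define USER_MAX 64   /* assumed field size; not qpopper's real value */

/* Hypothetical stand-in for the POP session structure. */
struct pop_session {
    char user[USER_MAX];
    int  authenticated;   /* neighbouring field an overflow would clobber */
};

/* The pattern the advisory describes: the length is never checked. */
void set_user_unbounded(struct pop_session *p, const char *name)
{
    strcpy(p->user, name);   /* writes past user[] when strlen(name) >= USER_MAX */
}

/* Bounded form: reject oversize input instead of truncating it silently.
 * Returns 0 on success, -1 if the name does not fit; p is untouched on -1. */
int set_user_checked(struct pop_session *p, const char *name)
{
    /* Look for the terminator within the first USER_MAX bytes only. */
    const char *end = memchr(name, '\0', USER_MAX);
    if (end == NULL)
        return -1;                       /* no room for name plus NUL */
    memcpy(p->user, name, (size_t)(end - name) + 1);
    return 0;
}

int main(void)
{
    struct pop_session s = {0};
    char longname[4 * USER_MAX];         /* constructed oversize input */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("short name: %d\n", set_user_checked(&s, "alice"));
    printf("long name:  %d (authenticated=%d, user=%s)\n",
           set_user_checked(&s, longname), s.authenticated, s.user);
    return 0;
}
```

Rejecting the oversize name, rather than truncating it, keeps the stored username identical to what the client sent.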

Because the POP username is a client-supplied string, remote clients can overwrite values on qpopper's stack with arbitrary data. An attacker may be able to replace a function return address with a value pointing to attacker-supplied instructions, which will be executed once the function returns.

It is believed that the overflow occurs before authentication, so an attacker may not need a valid POP account.

Exploitation of this vulnerability may allow remote attackers to gain root privileges.

Affected Products:

  • Qualcomm qpopper 4.0.0
  • Qualcomm qpopper 4.0.1
  • Qualcomm qpopper 4.0.2
  • RedHat Linux 7.0.0
  • RedHat Linux 7.1.0
  • Sun Cobalt RaQ 4
