POP3 Buffer Overflow - BSD x86 (2)

This signature detects attempts to exploit a vulnerability in the user name handling routine of a POP3 server running on BSD. An attacker can send a crafted user name that causes a buffer overflow, which could allow the execution of arbitrary commands or a denial-of-service condition.

Extended Description

A number of buffer-overflow issues reside in versions prior to 2.5 of Qualcomm's 'qpopper' program. Exploiting these issues allows a remote attacker to execute arbitrary commands on hosts that are running a vulnerable version.

To determine if you are vulnerable, telnet to port 110 on the possibly vulnerable host. A banner appears, informing you of the version of the POP server. For example:

    % telnet yourmailhost.your.domain.com 110
    Trying 123.123.123.123
    Connected to mailhost
    +OK QPOP (version 2.4) at yourmailhost.your.domain.com starting

If any version prior to 2.5 is reported, including 2.5 beta, you should upgrade immediately to the latest version.
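Added example, not part of the original signature page or of any vendor code: the banner check described above written as a Python function that classifies captured POP3 greeting lines against the "prior to 2.5, including 2.5 beta" rule. The sample banners other than the page's 2.4 line are constructed, and comparing the version as a decimal number (so that a constructed 2.41 sorts before 2.5) is an assumption about qpopper's numbering.

```python
import re
from decimal import Decimal

# Greeting shape taken from the page: "+OK QPOP (version 2.4) at <host> starting"
BANNER_RE = re.compile(r"^\+OK\s+QPOP\s+\(version\s+([^)]*)\)", re.IGNORECASE)
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(.*)$")
FIXED = Decimal("2.5")  # first version the page treats as not affected


def classify_banner(banner):
    """Return 'vulnerable', 'ok', 'unknown' or 'not-qpop' for one greeting line."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "not-qpop"            # some other POP3 server, or no version shown
    v = VERSION_RE.match(m.group(1))
    if not v:
        return "unknown"             # QPOP banner whose version cannot be parsed
    # Assumption: versions compare as decimals (2.41 < 2.5 < 2.53).
    number = Decimal(f"{v.group(1)}.{v.group(2)}")
    suffix = v.group(3).strip().lower()
    if number < FIXED:
        return "vulnerable"
    # "2.5 beta", "2.5b2" and "2.5-beta" count as prior to the 2.5 release.
    if number == FIXED and re.match(r"[\s_-]*b", suffix):
        return "vulnerable"
    return "ok"


# Constructed sample greetings, except the first, which is the page's example.
SAMPLES = [
    "+OK QPOP (version 2.4) at yourmailhost.your.domain.com starting",
    "+OK QPOP (version 2.5 beta) at mail.example.test starting",
    "+OK QPOP (version 2.41) at mail.example.test starting",
    "+OK QPOP (version 2.5) at mail.example.test starting",
    "+OK QPOP (version 2.53) at mail.example.test starting",
    "+OK POP3 server ready",
]


def triage(banners):
    """Map each banner to its verdict so the result can be logged or reviewed."""
    return {b: classify_banner(b) for b in banners}


if __name__ == "__main__":
    for banner, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {banner}")
```

A banner only reports what the server says about itself, so an "ok" or "not-qpop" result is a triage hint and should be confirmed against the installed package on the host.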

Affected Products

Qualcomm qpopper

Short Name
POP3:OVERFLOW:BSD-OFLOW-2
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
POP3
Keywords
(2) - BSD Buffer CA-1998-08 CVE-1999-0006 Overflow POP3 bid:0133 x86
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Qualcomm

CVSS Score

10.0
