POP3 Buffer Overflow - Linux x86

This signature detects attempts to exploit a known vulnerability in POP3 running on Linux. Attackers can submit a large command to create a buffer overflow and gain root access.

Extended Description

A number of buffer-overflow issues reside in versions prior to 2.5 of Qualcomm's 'qpopper' program. Exploiting this issue allows a remote attacker to execute arbitrary commands on hosts that are running a vulnerable version. To determine if you are vulnerable, telnet to port 110 on the possibly vulnerable host. A banner appears, informing you of the version of the POP server. For example:

    % telnet yourmailhost.your.domain.com 110
    Trying 123.123.123.123
    Connected to mailhost
    +OK QPOP (version 2.4) at yourmailhost.your.domain.com starting

If any version prior to 2.5 is reported, including 2.5 beta, you should upgrade immediately to the latest version.
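The banner check described above can be applied to banners already collected from an inventory scan. The following is an added example, not part of the original signature page; the function names, the beta suffix spellings, the decimal ordering of 2.x minor numbers, and all sample banners except the first are assumptions.

```python
import re

# Banner shape taken from the page:
#   +OK QPOP (version 2.4) at yourmailhost.your.domain.com starting
BANNER_RE = re.compile(r"^\+OK QPOP \(version\s+(\d+)\.(\d+)([^)]*)\)", re.I)

def classify_banner(banner):
    """Return (status, version); status is 'vulnerable', 'ok' or 'unknown'."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return ("unknown", None)  # not a QPOP banner, or the banner was altered
    major, minor, suffix = int(m.group(1)), m.group(2), m.group(3).strip()
    version = f"{major}.{minor}{suffix}"
    # Assumption: 2.x minor numbers order as decimal fractions (2.41 < 2.5 < 2.53).
    frac = float("0." + minor)
    if major < 2 or (major == 2 and frac < 0.5):
        return ("vulnerable", version)
    # The page counts 2.5 beta as vulnerable. Assumption: a beta build is
    # marked by a suffix starting with "b" (for example "b2" or "beta1").
    is_beta = suffix.lstrip(" -_.").lower().startswith("b")
    if major == 2 and frac == 0.5 and is_beta:
        return ("vulnerable", version)
    return ("ok", version)

# The first banner is the one shown on the page; the rest are constructed samples.
SAMPLE_BANNERS = [
    "+OK QPOP (version 2.4) at yourmailhost.your.domain.com starting",
    "+OK QPOP (version 2.5b2) at mail.example.test starting",
    "+OK QPOP (version 2.41beta1) at mail.example.test starting",
    "+OK QPOP (version 2.5) at mail.example.test starting",
    "+OK QPOP (version 2.53) at mail.example.test starting",
    "+OK POP3 server ready",
]

def audit(banners):
    """Classify each banner and return (banner, status, version) tuples."""
    return [(b, *classify_banner(b)) for b in banners]

if __name__ == "__main__":
    for banner, status, version in audit(SAMPLE_BANNERS):
        print(f"{status:10} {version or '-':10} {banner}")
```

An "ok" result only reflects the version the server reports; banners can be edited, so confirm the installed package version on the host as well.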

Affected Products

Qualcomm qpopper

Short Name
POP3:OVERFLOW:LINUX-OFLOW
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
POP3
Keywords
- Buffer CA-1998-08 CVE-1999-0006 Linux Overflow POP3 bid:133 x86
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Qualcomm

CVSS Score

10.0
