drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in qpopper
Name: |
Pufferüberlauf in qpopper
|
|
ID: |
200303-12 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Di, 18. März 2003, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Qpopper |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
--------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-12 ---------------------------------------------------------------------
PACKAGE : qpopper SUMMARY : buffer overflow DATE : 2003-03-17 09:50 UTC EXPLOIT : remote VERSIONS AFFECTED : <4.0.5 FIXED VERSION : >=4.0.5 CVE : CAN-2003-0143
---------------------------------------------------------------------
- From advisory:
"Under certain conditions it is possible to execute arbitrary code using a buffer overflow in the recent qpopper.
You need a valid username/password-combination and code is (depending on the setup) usually executed with the user's uid and gid mail."
Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=104739841223916&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running net-mail/qpopper upgrade to qpopper-4.0.5 as follows:
emerge sync emerge qpopper emerge clean
--------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+dZp5fT7nyhUpoZMRAq9XAJsFyPbrwFb1CcvL59jEKtAoymZzTwCeIw4Z p8IXHapfnjyZM1j7pcN+nW8= =OPDK -----END PGP SIGNATURE-----
|
|
|
|