Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0143

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-0143
Last Modified 05 Sep 2008 04:33:35
Published 18 Mar 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0143

Summary

The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.

Vulnerable Systems

Application

  • Qualcomm Qpopper 4.0.1

  • Qualcomm Qpopper 4.0.2

  • Qualcomm Qpopper 4.0.3

  • Qualcomm Qpopper 4.0.4


References

BID - 7058

DEBIAN - DSA-259

XF - qpopper-popmsg-macroname-bo(11516)

BUGTRAQ - 20030310 QPopper 4.0.x buffer overflow vulnerability

SUSE - SuSE-SA:2003:018

GENTOO - GLSA-200303-12

BUGTRAQ - 20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)

BUGTRAQ - 20030312 Re: QPopper 4.0.x buffer overflow vulnerability


Last Updated: 27 May 2016 10:37:48