linux security - Apr 1997 - Is qpopper vulnerable?? Re: CERT Advisory CA-97.09 - Vulnerability in IMAP and POP

I''ve got qualcomm''s qpopper2.2, and am not sure if its
vulnerable.  The
advisory mentions pop and imap servers, but only says:

     version of IMAP (Section B).  If your POP server is based on the
     University of Washington IMAP server code, you should also upgrade to
     the latest version of IMAP. Until you can take one of these actions,

I installed the new imapd about 3 weeks ago.  I''m just uptight that the
qualcomm qpopper may be vulnerable too.  Has anyone with the ability to
disect the code taken a good look?  Thanks, Dan

Daniel Pewzner & Co.,
>  I''ve got qualcomm''s qpopper2.2, and am not sure if its
vulnerable.  The
>advisory mentions pop and imap servers, but only says:
>
>     version of IMAP (Section B).  If your POP server is based on the
>     University of Washington IMAP server code, you should also upgrade to
>     the latest version of IMAP. Until you can take one of these actions,
>
>I installed the new imapd about 3 weeks ago.  I''m just uptight that
the
>qualcomm qpopper may be vulnerable too.  Has anyone with the ability to
>disect the code taken a good look?  Thanks, Dan

The answer I received from QualComm''s Praveen Yaramada was:
>qpopper is NOT prone to the problem specified in CA-97.09.
>
>>You''ve probably been asked this a few times already.  But is
qpop
>>vulnerable to the "buffer overflow" problem described in
today''s CERT
>>Advisory CA-97.09 concerning imapd, ipop2d, and ipop3d?
>
>Thanks for the quick reply.  You might want to send a quick note to CERT
>asking them to add a reference to qpopper to their advisory.  It might
>prevent your seeing a lot more of these notes.  Just a thought.
Edward Siewick


--
  ESiewick@DigiPro.com               DigiPro Digital Productions, LLC
  Voice:  703-522-8465                   3100 North Quincy Street
  Fax:    703-522-8417                  Arlington, Virginia  22207