search for: pop_msg

...ble, along with all previous 3.0 versions. I advise everyone running qpop3.0b servers to shut down the server IMMEDIATELY by disabling the entry in inetd.conf and then downgrading to v2.53 or another program until an official patch has been released. Details: The buffer overflow(s) are present in pop_msg.c (sounds familiar..) starting at line 68. All configurations and different builds seem to be vulnerable, as either vsprintf or sprintf are used, which both do not check bounds on the input buffers for each argument. Exploiting: The overflow code should not contain characters 0x0c/x17/x20, because...

Hello, Anyone have information on whether RedHat-5.0+ is affected by the recent (today's) CERT advisory regarding QPOP? thanks, -bp -- B. James Phillippe <bryan@terran.org> Linux Software Engineer, WGT Inc. http://earth.terran.org/~bryan