Qualcomm Qpopper 'EUIDL' Format String Input Vulnerability
BID:1242
Info
Qualcomm Qpopper 'EUIDL' Format String Input Vulnerability
| Bugtraq ID: | 1242 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 24 2000 12:00AM |
| Updated: | May 24 2000 12:00AM |
| Credit: | Discovered by Prizm <[email protected]> and posted in a buffer0verfl0w security advisory (b0f-SA2000-005) on May 23, 2000. |
| Vulnerable: |
Qualcomm qpopper 2.53 Qualcomm qpopper 2.52 Cobalt RaQ 3.0 Cobalt RaQ 2.0 |
| Not Vulnerable: |
Qualcomm qpopper 3.1 Qualcomm qpopper 3.0.2 Qualcomm qpopper 3.0.1 Qualcomm qpopper 3.0 |
Discussion
Qualcomm Qpopper 'EUIDL' Format String Input Vulnerability
A vulnerability exists in version 2.53 and prior of qpopper, a popular POP server, from Qualcomm. By placing machine executable code in the X-UIDL header field, supplying formatting strings in the "From:" field in a mail header, and then issuing, as the user the mail was sent to, a 'euidl' command, it is possible to execute arbitrary code. This code will execute as the user executing the euidl command, but with group 'mail' permissions on hosts running qpopper in that group. This is often done due to mail spool permissions.
This vulnerability does not exist in versions after 2.53. It also requires an account on the machine.
A vulnerability exists in version 2.53 and prior of qpopper, a popular POP server, from Qualcomm. By placing machine executable code in the X-UIDL header field, supplying formatting strings in the "From:" field in a mail header, and then issuing, as the user the mail was sent to, a 'euidl' command, it is possible to execute arbitrary code. This code will execute as the user executing the euidl command, but with group 'mail' permissions on hosts running qpopper in that group. This is often done due to mail spool permissions.
This vulnerability does not exist in versions after 2.53. It also requires an account on the machine.
Exploit / POC
Qualcomm Qpopper 'EUIDL' Format String Input Vulnerability
Exploit available:
Exploit available:
Solution / Fix
Qualcomm Qpopper 'EUIDL' Format String Input Vulnerability
Solution:
Upgrading to versions 3.0.1 or later of qpopper is recommended by the vendor.
Qualcomm qpopper 2.52
Qualcomm qpopper 2.53
Solution:
Upgrading to versions 3.0.1 or later of qpopper is recommended by the vendor.
Qualcomm qpopper 2.52
-
Qualcomm qpopper 3.0.2
http://www.eudora.com/qpopper/#CURRENT
Qualcomm qpopper 2.53
-
Qualcomm qpopper 3.0.2
http://www.eudora.com/qpopper/#CURRENT
References
Qualcomm Qpopper 'EUIDL' Format String Input Vulnerability
References:
References: