FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qpopper format string vulnerability

Affected packages
qpopper < 2.53_1

Details

VuXML ID ebdf65c7-2ca6-11d8-9355-0020ed76ef5a
Discovery 2000-05-23
Entry 2003-12-12

An authenticated user may trigger a format string vulnerability present in qpopper's UIDL code, resulting in arbitrary code execution with group ID `mail' privileges.

References

Bugtraq ID 1241
CVE Name CVE-2000-0442
URL http://www.netsys.com/suse-linux-security/2000-May/att-0137/01-b0f5-Qpopper.txt