Executive Summary
Summary | |
---|---|
Title | qpopper user privilege escalation |
Informations | |||
---|---|---|---|
Name | DSA-259 | First vendor Publication | 2003-03-12 |
Vendor | Debian | Last vendor Modification | 2003-03-12 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Florian Heinz The qpopper package in Debian 2.2 (potato) does not include the vulnerable snprintf implementation. For Debian 3.0 (woody) an updated package is available in version 4.0.4-2.woody.3. Users running an unreleased version of Debian should upgrade to 4.0.4-9 or newer. We recommend you upgrade your qpopper package immediately. |
Original Source
Url : http://www.debian.org/security/2003/dsa-259 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 259-1 (qpopper) File : nvt/deb_259_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
9794 | Qpopper pop_msg() Macroname Remote Overflow A remote overflow exists in Qpopper. The server fails to properly check the length of macronames supplied to the pop_msg() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service or potentially execute arbitrary code. This attack requires valid user authentication credentials. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-259.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2003_018.nasl - Type : ACT_GATHER_INFO |
2003-03-13 | Name : Arbitrary code may be run on the remote host. File : qpopper_qvsnprinf_overflow.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:31:31 |
|