Qpopper < 3.0.2 LIST Command Local Overflow

medium Nessus Plugin ID 10197

Synopsis

Arbitrary code may be run on the remote server.

Description

A vulnerability in the Qpopper 3.0b package allows users with a valid account to gain a shell on the system.

Solution

Upgrade to version 3.0.2 or newer.

Plugin Details

Severity: Medium

ID: 10197

File Name: qpopper_list.nasl

Version: 1.31

Type: remote

Family: Misc.

Published: 1/27/2000

Updated: 7/25/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport, pop3/login, pop3/password

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/26/2000

Reference Information

CVE: CVE-2000-0096

BID: 948