Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: SNS Research (vuln-devGREYHACK.COM)
Date: Fri Apr 13 2001 - 14:12:23 CDT
Strumpf Noir Society Advisories
! Public release !
-= QPC POPd Buffer Overflow Vulnerability =-
Release date: Saturday, April 14, 2001
QPC's popd is the pop3 mailserver component of the company's
QVT/NET product line for MS Windows.
The popd and the rest of the QVT/Net product line is available
from vendor QPC's website: http://www.qpc.com
The pop daemon that ships with the QVT/NET software suite contains
an unchecked buffer in the logon function. When a username or
password of 584 bytes or more gets fed to the server the buffer
will overflow and will trigger an access violation, after which
the server dies.
Vendor QPC was notified but has yet to respond.
This was tested against QVT/Net Popd 4.20 coming with the QVT/Net
5.0 suite, running on MS Win2k.
Free sk8! (http://www.freesk8.org)
SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.
EOF, but Strumpf Noir Society will return!