|
Vulnerability zpop Affected Netmanage ZPOP v1.1 Description Prism Technologies Ltd. released security advisory about Netmanage ZPOP v1.1 which is base for this one. Credit goes to Mark Dowd and Michael Freeman. This was tested under Linux and Solaris 2.6/SPARC so far. The ZPOP server daemon available from Netmanage contains multiple buffer overflows. Overflows are present upto and including the latest version (ZPOP 1.0 (patchlevel 60423dev) ). It is not believed that any systems ship ZPOP 1.0 by default. Remote users can compromise root access. Solution NetManage has been contacted about releasing a patch, please refer to their website for more information or remove 'zpop' from your system. No patches are available from us since source code is not available to the public.