TUCoPS :: Unix :: General :: zpopbo.htm

ZPOP Multiple Buffer Overflows
Vulnerability

    zpop

Affected

    Netmanage ZPOP v1.1

Description

    Prism Technologies Ltd. released security advisory about Netmanage
    ZPOP v1.1 which is base for this  one.   Credit goes to Mark  Dowd
    and Michael  Freeman.   This was  tested under  Linux and  Solaris
    2.6/SPARC so far.

    The ZPOP server daemon available from Netmanage contains  multiple
    buffer overflows.   Overflows are present  upto and including  the
    latest  version  (ZPOP  1.0  (patchlevel  60423dev)  ).  It is not
    believed that any systems ship ZPOP 1.0 by default.  Remote  users
    can compromise root access.

Solution

    NetManage has been contacted about releasing a patch, please refer
    to their website for more  information or remove 'zpop' from  your
    system.   No patches  are available  from us  since source code is
    not available to the public.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH