CVE-1999-0006
published 1998-07-14CVE-1999-0006: Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.
PriorityP344critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
11.90%
95.6th percentile
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualcomm | qpopper | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
GPL POP3 x86 SCO overflow
suricata·2010-09-23
CVE-1999-0006 GPL POP3 x86 SCO overflow
GPL POP3 x86 SCO overflow
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"GPL POP3 x86 SCO overflow"; flow:established,to_server; content:"V|0E|1|C0 B0 3B 8D|~|12 89 F9 89 F9|"; reference:bugtraq,156; reference:cve,1999-0006; classtype:attempted-admin; sid:2100289; rev:12; metadata:created_at 2010_09_23, cve CVE_1999_0006, signature_severity Major, updated_at 2024_03_08;)
Exploit-DB
Qualcomm qpopper 2.4 - POP Server Buffer Overflow (2)
exploitdb·1998-06-27
CVE-1999-0006 Qualcomm qpopper 2.4 - POP Server Buffer Overflow (2)
Qualcomm qpopper 2.4 - POP Server Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/133/info
A number of buffer-overflow issues reside in versions prior to 2.5 of Qualcomm's 'qpopper' program. Exploiting this issue allows a remote attacker to execute arbitrary commands on hosts that are running a vulnerable version.
To determine if you are vulnerable, telnet to port 110 on the possibly vulnerable host. A banner appears, informing you of the version of the pop server. For example:
% telnet yourmailhost.your.domain.com 110
Trying 123.123.123.123
Connected to mailhost
+OK QPOP (version 2.4) at yourmailhost.your.domain.com starting
If any version prior to 2.5 is reported, including 2.5 beta, you should upgrade immediately to the latest version.
/*
* QPOPPER - remote r
Exploit-DB
Qualcomm qpopper 2.4 - POP Server Buffer Overflow (1)
exploitdb·1998-06-27
CVE-1999-0006 Qualcomm qpopper 2.4 - POP Server Buffer Overflow (1)
Qualcomm qpopper 2.4 - POP Server Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/133/info
A number of buffer-overflow issues reside in versions prior to 2.5 of Qualcomm's 'qpopper' program. Exploiting this issue allows a remote attacker to execute arbitrary commands on hosts that are running a vulnerable version.
To determine if you are vulnerable, telnet to port 110 on the possibly vulnerable host. A banner appears, informing you of the version of the pop server. For example:
% telnet yourmailhost.your.domain.com 110
Trying 123.123.123.123
Connected to mailhost
+OK QPOP (version 2.4) at yourmailhost.your.domain.com starting
If any version prior to 2.5 is reported, including 2.5 beta, you should upgrade immediately to the latest version.
/* Exploit for qpopper
No writeups or analysis indexed.
1998-07-14
Published