Bug 33107 (CVE-2001-1487)

Summary: VUL-0: CVE-2001-1487: Minor security problems in qpopper's popauth
Product: [Novell Products] SUSE Security Incidents Reporter: Olaf Kirch <okir>
Component: IncidentsAssignee: Arvin Schnell <aschnell>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2001-1487: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Patch for the bugs mentioned in the text

Description Olaf Kirch 2002-08-20 23:26:17 UTC 
I found two security issues with popauth:

 -	The -trace switch lets you write the debug log to any file
        owned by user pop.

 -	The logit() function has subtle and possibly harmless buffer
	overflow because it thinks snprintf returns negative values
	when the buffer would overflow. However, it returns the number
	that would be written if the buffer were large enough. This
	makes the iLeft -= iChunk subtraction underflow, and iLeft
	will become a large positive number.

Will attach patch.
Comment 1 Olaf Kirch 2002-08-20 23:28:46 UTC 
Created attachment 10193 [details]
Patch for the bugs mentioned in the text
Comment 2 Arvin Schnell 2002-08-21 21:04:44 UTC 
I have added the patch to qpopper in stable. If you want further
actions please tell so.
Comment 3 Olaf Kirch 2002-08-21 21:09:20 UTC 
No, that's just fine. Thanks a lot!

Olaf
Comment 4 Marcus Meissner 2007-03-23 15:47:09 UTC 
-trace looks like CVE-2001-1487
Comment 5 Thomas Biege 2009-10-13 19:31:31 UTC 
CVE-2001-1487: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)