Pop3
Tony Zafiropoulos
tonyz at ctitek.com
Thu Apr 4 14:50:43 CST 2002
On Thu, 4 Apr 2002, Jeremy Fowler wrote:
> I like Qpopper myself. It supports TLS/SSL, is open source, and very
> fast.
>
> http://www.eudora.com/qpopper/
>
I liked it as well, until one of the boxes I support started crashing
unexpectedly...
Traced it to the pop3 server:
http://linux.oreillynet.com/pub/a/linux/2002/03/25/insecurities.html#qpo
QPopper
A bug in QPopper can be used in a denial-of-service attack. When a string
is sent to QPopper that contains more than 2048 characters, the
application will consume large amounts of CPU time. This bug is reported
to affect versions 4.0.1 and 4.0.3 under Linux. It is not known if the bug
affects earlier versions of QPopper.
Affected users should watch their vendor for an repaired version of
QPopper.
I now use teapop (just some program from freshmeat)... and it works just
fine... very responsive as well.
http://www.toontown.org/teapop/
Tony
--
Tony Zafiropoulos
FixMyVirus.com
Cel: 314-504-3974
tonyz at fixmyvirus.com
Best way to reduce your virus exposure?
Run Linux - Replace Windows one system at a time.
More information about the Kclug
mailing list