Popcorn mail client denial of service
|popcorn-mail-dos (9547)||Medium Risk|
Popcorn is vulnerable to a denial of service attack. A remote attacker could send a malicious email with a malformed or overly long Subject: field or a malformed Date: field to cause the Popcorn client to crash.
Denial of Service
Download and install the latest version of Popcorn, or at least version 1.24 (06-Sep-2002) from the Ultrafunk Web site. See References.
- Auriemma Luigi, PivX Security Advisory - Popcorn: Popcorn vulnerabilities.
- BugTraq Mailing List, Thu Jul 11 2002 - 14:16:49 CDT: Popcorn vulnerabilities.
- Ultrafunk Web site: Ultrafunk: Products/Popcorn.
- BID-5212: Ultrafunk Popcorn Multiple Denial of Service Vulnerabilities
- CVE-2002-1043: Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject (\t\t).
- CVE-2002-1044: Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Subject field.
- CVE-2002-1045: Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Date field that is converted into a year greater than 2037.
- OSVDB ID: 9913: Ultrafunk Popcorn Malformed Subject Field DoS
- OSVDB ID: 9914: Ultrafunk Popcorn Malformed Date Field DoS
- OSVDB ID: 9915: Ultrafunk Popcorn Subject Field Overflow
- Ultrafunk Popcorn 1.20 and prior
Jul 11, 2002