File Overwrite Vulnerability in Qualcomm Qpopper Utility
CVE-2001-1487

Currently unrated

Key Information:

Vendor: Qualcomm
Status: Qpopper
Vendor: CVE Published:; 31 December 2001

Summary

The popauth utility in Qualcomm Qpopper versions 4.0 and earlier is susceptible to a vulnerability that permits local users to overwrite arbitrary files. This is achieved through a symlink attack on the -trace file option, which ultimately allows attackers to execute commands under the privileges of the pop user. Organizations using affected versions of Qpopper should take immediate action to mitigate this risk to safeguard their systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7707

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/246069

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability Reserved
Jun 21, 2005
Vulnerability published
Dec 31, 2001