COMMAND

    QPC POPd

SYSTEMS AFFECTED

    QPC POPd

PROBLEM

    Following is based  on a Strumpf  Noir Society Advisories.   QPC's
    popd is  the pop3  mailserver component  of the  company's QVT/NET
    product line for MS Windows.

    The pop daemon that ships with the QVT/NET software suite contains
    an unchecked  buffer in  the logon  function.   When a username or
    password of 584 bytes  or more gets fed  to the server the  buffer
    will overflow and  will trigger an  access violation, after  which
    the server dies.

    This was tested against QVT/Net Popd 4.20 coming with the  QVT/Net
    5.0 suite, running on MS Win2k.

SOLUTION

    Vendor QPC was notified but has yet to respond.