COMMAND
zpop
SYSTEMS AFFECTED
NetManage ZPOP v1.1
PROBLEM
Prism Technologies Ltd. released a security advisory about NetManage
ZPOP v1.1, on which this entry is based. Credit goes to Mark Dowd
and Michael Freeman. This was tested under Linux and Solaris
2.6/SPARC so far.
The ZPOP server daemon available from NetManage contains multiple
buffer overflows. Overflows are present up to and including the
latest version (ZPOP 1.0 (patchlevel 60423dev)). It is not
believed that any systems ship ZPOP 1.0 by default. Remote users
can compromise root access.
SOLUTION
NetManage has been contacted about releasing a patch; please refer
to their website for more information or remove 'zpop' from your
system. No patches are available from us since source code is
not available to the public.