From owner-freebsd-security  Sun Jun 28 00:59:42 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA14380
          for freebsd-security-outgoing; Sun, 28 Jun 1998 00:59:42 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from piggy.kharkiv.net (piggy.kharkiv.net [194.44.156.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA14370
          for <freebsd-security@freebsd.org>; Sun, 28 Jun 1998 00:59:28 -0700 (PDT)
          (envelope-from news@piggy.kharkiv.net)
Received: (from news@localhost)
	by piggy.kharkiv.net (8.8.8-MVC/8.8.8/piggy) id KAA04453;
	Sun, 28 Jun 1998 10:58:59 +0300 (EEST)
	(envelope-from news)
To: freebsd-security@FreeBSD.ORG
Subject: Re: (FWD) QPOPPER REMOTE ROOT EXPLOIT
Date: Sun, 28 Jun 1998 10:59:00 +0300
Message-ID: <3595F7C4.650979D9@kharkiv.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.05 [en] (X11; I; FreeBSD 2.2.6-STABLE i386)
X-Via: News-To-Mail v1.0 <doka@kharkiv.net>
From: "Vadim V. Chepkov" <vvc@kharkiv.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jordan K. Hubbard wrote:
> 
> > THere seems to be yet another similar buffer overflow
> > in pop_log.c
> 
> Fixed.  Please cvsup the latest ports collection and make sure
> that ports/mail/popper is updated - all the new patches are in
> ports/mail/popper/patches/patch-ag.
> 

Hello!

I did make that

Updating collection ports-all/cvs
 Edit ports/mail/popper/patches/patch-ag
  Add delta 1.4 98.06.27.20.47.27 ache
  Add delta 1.5 98.06.27.21.47.34 jkh


And now popper crush immediately

# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
Connection closed by foreign host.
 
/kernel: pid 9696 (popper), uid 0: exited on signal 11 (core dumped)


Kind regards,
Vadim V. Chepkov
Kharkiv Online ISP
------------------------------------------------------
Vadim V. Chepkov, Kharkiv State Polytechnic University
21 Frunze Str.,     Kharkiv,     Ukraine,       310002
Tel: +380 572 400279              Fax: +380 572 400592
e-mail: vvc@kharkiv.net    http://www.kharkiv.net/~vvc
------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message