From owner-freebsd-security Mon May 29 7:14:14 2000
Date: Mon, 29 May 2000 16:14:03 +0200
From: Peter van Dijk
To: freebsd-security@FreeBSD.ORG
Subject: Re: QPOPPER: Remote gid mail exploit
Message-ID: <20000529161403.H19887@vuurwerk.nl>
References: <20000525160410I.1001@eccosys.com>
In-Reply-To: <20000525160410I.1001@eccosys.com>; from sen_ml@eccosys.com on Thu, May 25, 2000 at 04:04:10PM +0900

On Thu, May 25, 2000 at 04:04:10PM +0900, sen_ml@eccosys.com wrote:
[snip]
> >
> > Here is the original advisory. Note that the actual advisory is
> > correct WRT the file and line numbers. The posts on Bugtraq indicate to
> > patch pop_msg.c instead of pop_uidl.c.
>
> while patching and restarting a qpopper server locally, i started
> wondering...how much of a problem is this on a freebsd system where
> /var/mail or /var/spool/mail is not setgid mail?

As with the IMAP exploit, this will give people a shell, which they
usually didn't have beforehand, when they are just popusers.

Greetz, Peter.
-- 
petervd@vuurwerk.nl - Peter van Dijk [student:developer:madly in love]