Date: Tue, 30 Jun 1998 13:15:38 -0700 (PDT) From: Nicole <nicole@mediacity.com> To: Jeremy Shaffner <jer@jorsm.com> Cc: freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG, brian@FreeBSD.ORG, Sasha Egan <wildcard@dax.belen.k12.nm.us>, Brian Somers <brian@Awfulhak.org> Subject: Re: Remote exploit in qpopper. Message-ID: <XFMail.980630131538.nicole@mediacity.com> In-Reply-To: <Pine.BSF.3.95q.980630132340.24890F-100000@mercury.jorsm.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 30-Jun-98 Jeremy Shaffner wrote: > > There is also a new version released today from Qualcomm. 2.5 is > patched against all known problems. > ftp://ftp.qualcomm.com/eudora/servers/popper/. > I just tried to go there and the eudora directory doesn't exist. i also tried their other reccoemnded site. Anyone know of alternate sites? Nicole > > FWIW, I compiled the exploit (known as qpush or qpop) and tried it on an > unpatched 2.41beta1. Although it did cause a overflow and popper exited > with a signal 11, it did not provide a root shell. The author of this > particular exploit (It's available on the bugtraq list or from rootshell) > says that it only works on 2.2 or 2.41b1 and only on Linux systems. (The > exploit itself can be run from any platform.) > > The patches that Jordan has made do work. You can get the new -current > port and build that, or get 2.5 from qualcomm and build it yourself. > > On Tue, 30 Jun 1998, Brian Somers wrote: > >> > >> > Hey Brian, >> > I dunno if you have been watching some of the lists but there is some >> > definate problems in Qualcom's popper... >> [.....] >> >> Looks like I spoke too soon. A pile of patches have now been made to >> popper :-) >> >> > Sasha Egan >> > Belen Consolidated Schools >> > Belen, NM >> > (505) 861-4981 >> > pager: (505) 875-8866 >> >> -- >> Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org> >> <http://www.Awfulhak.org>; >> Don't _EVER_ lose your sense of humour.... >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >> > > > -===================================================================- > Jeremy Shaffner JORSM Internet > Senior Technical Support Northwest Indiana's Premium > jer@jorsm.com Internet Service Provider > support@jorsm.com http://www.jorsm.com > -===================================================================- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message |\ __ /| (`\ | o_o |__ ) ) // \\ Nicole Harrington | SR Systems Administrator -------------------(((---(((----------------------- nicole@mediacity.com - nicole@ispchannel.com www.mediacity.com - www.ispchannel.com Phone: 650-237-1464 - Pager: 415-301-2482 Powered By Coca-Cola and FreeBSD Why do doctors call what they do practice? Microsoft: What bug would you like today? ---------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.980630131538.nicole>