Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 30 Jun 1998 16:08:55 -0700 (PDT)
From:      Nicole <nicole@mediacity.com>
To:        Jeremy Shaffner <jer@jorsm.com>
Cc:        Brian Somers <brian@Awfulhak.org>, Sasha Egan <wildcard@dax.belen.k12.nm.us>, brian@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: Remote exploit in qpopper.
Message-ID:  <XFMail.980630160855.nicole@mediacity.com>
In-Reply-To: <Pine.BSF.3.95q.980630160044.24890L-100000@mercury.jorsm.com>

next in thread | previous in thread | raw e-mail | index | archive | help

On 30-Jun-98 Jeremy Shaffner wrote:
> Heh..the bastards...They changed it to oldeudora.  They could have done
> that before mailing me with the URL I gave you.
> 

 Ah ha... Yes they are on the move arn't they.. That wasn't there when I went
there... Tap tap tap tap...

  Nicole


> On Tue, 30 Jun 1998, Nicole wrote:
> 
>> 
>> On 30-Jun-98 Jeremy Shaffner wrote:
>> > 
>> > There is also a new version released today from Qualcomm.  2.5 is
>> > patched against all known problems.
>> > ftp://ftp.qualcomm.com/eudora/servers/popper/.
>> > 
>> 
>> 
>>  I just tried to go there and the eudora directory doesn't exist. i also
>>  tried
>> their other reccoemnded site. Anyone know of alternate sites?
>> 
>> 
>>  Nicole
>> 
>> 
>> > 
>> > FWIW, I compiled the exploit (known as qpush or qpop) and tried it on an
>> > unpatched 2.41beta1.  Although it did cause a overflow and popper exited
>> > with a signal 11, it did not provide a root shell.  The author of this
>> > particular exploit (It's available on the bugtraq list or from rootshell)
>> > says that it only works on 2.2 or 2.41b1 and only on Linux systems.  (The
>> > exploit itself can be run from any platform.)
>> > 
>> > The patches that Jordan has made do work.  You can get the new -current
>> > port and build that, or get 2.5 from qualcomm and build it yourself.
>> > 
>> > On Tue, 30 Jun 1998, Brian Somers wrote:
>> > 
>> >> > 
>> >> > Hey Brian, 
>> >> > I dunno if you have been watching some of the lists but there is some
>> >> > definate problems in Qualcom's popper...
>> >> [.....]
>> >> 
>> >> Looks like I spoke too soon.  A pile of patches have now been made to 
>> >> popper :-)
>> >> 
>> >> > Sasha Egan
>> >> > Belen Consolidated Schools
>> >> > Belen, NM 
>> >> > (505) 861-4981
>> >> > pager: (505) 875-8866
>> >> 
>> >> -- 
>> >> Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
>> >>       <http://www.Awfulhak.org>;
>> >> Don't _EVER_ lose your sense of humour....
>> >> 
>> >> 
>> >> 
>> >> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> >> with "unsubscribe freebsd-questions" in the body of the message
>> >> 
>> > 
>> > 
>> > -===================================================================-
>> > Jeremy Shaffner                                       JORSM Internet
>> > Senior Technical Support                Northwest Indiana's Premium
>> > jer@jorsm.com                            Internet Service Provider    
>> > support@jorsm.com                          http://www.jorsm.com       
>> > -===================================================================-
>> > 
>> > 
>> > To Unsubscribe: send mail to majordomo@FreeBSD.org
>> > with "unsubscribe security" in the body of the message
>> 
>>                     |\ __ /|   (`\            
>>                     | o_o  |__  ) )           
>>                    //      \\                 
>>      Nicole Harrington | SR Systems Administrator
>> -------------------(((---(((-----------------------
>> 
>>   nicole@mediacity.com - nicole@ispchannel.com   
>>      www.mediacity.com - www.ispchannel.com
>>    Phone: 650-237-1464 - Pager: 415-301-2482
>> 
>>        Powered By Coca-Cola and FreeBSD
>> 
>>    Why do doctors call what they do practice?
>>     Microsoft: What bug would you like today?
>> ----------------------------------------------------
>> 
>> 
> 
> 
> -===================================================================-
> Jeremy Shaffner                                       JORSM Internet
> Senior Technical Support                Northwest Indiana's Premium
> jer@jorsm.com                            Internet Service Provider    
> support@jorsm.com                          http://www.jorsm.com       
> -===================================================================-

                    |\ __ /|   (`\            
                    | o_o  |__  ) )           
                   //      \\                 
     Nicole Harrington | SR Systems Administrator
-------------------(((---(((-----------------------

  nicole@mediacity.com - nicole@ispchannel.com   
     www.mediacity.com - www.ispchannel.com
   Phone: 650-237-1464 - Pager: 415-301-2482

       Powered By Coca-Cola and FreeBSD

   Why do doctors call what they do practice?
    Microsoft: What bug would you like today?
----------------------------------------------------



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.980630160855.nicole>