Date: Tue, 30 Jun 1998 16:08:55 -0700 (PDT) From: Nicole <nicole@mediacity.com> To: Jeremy Shaffner <jer@jorsm.com> Cc: Brian Somers <brian@Awfulhak.org>, Sasha Egan <wildcard@dax.belen.k12.nm.us>, brian@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Remote exploit in qpopper. Message-ID: <XFMail.980630160855.nicole@mediacity.com> In-Reply-To: <Pine.BSF.3.95q.980630160044.24890L-100000@mercury.jorsm.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 30-Jun-98 Jeremy Shaffner wrote: > Heh..the bastards...They changed it to oldeudora. They could have done > that before mailing me with the URL I gave you. > Ah ha... Yes they are on the move arn't they.. That wasn't there when I went there... Tap tap tap tap... Nicole > On Tue, 30 Jun 1998, Nicole wrote: > >> >> On 30-Jun-98 Jeremy Shaffner wrote: >> > >> > There is also a new version released today from Qualcomm. 2.5 is >> > patched against all known problems. >> > ftp://ftp.qualcomm.com/eudora/servers/popper/. >> > >> >> >> I just tried to go there and the eudora directory doesn't exist. i also >> tried >> their other reccoemnded site. Anyone know of alternate sites? >> >> >> Nicole >> >> >> > >> > FWIW, I compiled the exploit (known as qpush or qpop) and tried it on an >> > unpatched 2.41beta1. Although it did cause a overflow and popper exited >> > with a signal 11, it did not provide a root shell. The author of this >> > particular exploit (It's available on the bugtraq list or from rootshell) >> > says that it only works on 2.2 or 2.41b1 and only on Linux systems. (The >> > exploit itself can be run from any platform.) >> > >> > The patches that Jordan has made do work. You can get the new -current >> > port and build that, or get 2.5 from qualcomm and build it yourself. >> > >> > On Tue, 30 Jun 1998, Brian Somers wrote: >> > >> >> > >> >> > Hey Brian, >> >> > I dunno if you have been watching some of the lists but there is some >> >> > definate problems in Qualcom's popper... >> >> [.....] >> >> >> >> Looks like I spoke too soon. A pile of patches have now been made to >> >> popper :-) >> >> >> >> > Sasha Egan >> >> > Belen Consolidated Schools >> >> > Belen, NM >> >> > (505) 861-4981 >> >> > pager: (505) 875-8866 >> >> >> >> -- >> >> Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org> >> >> <http://www.Awfulhak.org> >> >> Don't _EVER_ lose your sense of humour.... >> >> >> >> >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> >> with "unsubscribe freebsd-questions" in the body of the message >> >> >> > >> > >> > -===================================================================- >> > Jeremy Shaffner JORSM Internet >> > Senior Technical Support Northwest Indiana's Premium >> > jer@jorsm.com Internet Service Provider >> > support@jorsm.com http://www.jorsm.com >> > -===================================================================- >> > >> > >> > To Unsubscribe: send mail to majordomo@FreeBSD.org >> > with "unsubscribe security" in the body of the message >> >> |\ __ /| (`\ >> | o_o |__ ) ) >> // \\ >> Nicole Harrington | SR Systems Administrator >> -------------------(((---(((----------------------- >> >> nicole@mediacity.com - nicole@ispchannel.com >> www.mediacity.com - www.ispchannel.com >> Phone: 650-237-1464 - Pager: 415-301-2482 >> >> Powered By Coca-Cola and FreeBSD >> >> Why do doctors call what they do practice? >> Microsoft: What bug would you like today? >> ---------------------------------------------------- >> >> > > > -===================================================================- > Jeremy Shaffner JORSM Internet > Senior Technical Support Northwest Indiana's Premium > jer@jorsm.com Internet Service Provider > support@jorsm.com http://www.jorsm.com > -===================================================================- |\ __ /| (`\ | o_o |__ ) ) // \\ Nicole Harrington | SR Systems Administrator -------------------(((---(((----------------------- nicole@mediacity.com - nicole@ispchannel.com www.mediacity.com - www.ispchannel.com Phone: 650-237-1464 - Pager: 415-301-2482 Powered By Coca-Cola and FreeBSD Why do doctors call what they do practice? Microsoft: What bug would you like today? ---------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.980630160855.nicole>