Date: Sat, 11 Jul 1998 00:07:50 -0400 (EDT) From: spork <spork@super-g.com> To: Joao Paulo Caldas Campello <john@neoplanos.com.br> Cc: freebsd-security@FreeBSD.ORG Subject: Re: About (another?) popper bug Message-ID: <Pine.BSF.4.00.9807110002560.12602-100000@super-g.inch.com> In-Reply-To: <Pine.BSF.3.96.980710100654.2278A-100000@dumont.neoplanos.com. br>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm curious if anyone else is seeing some odd behaviour in qpopper 2.52. I built it using the port, but changed two things before the build step, I set it to "SERVER_MODE" and removed "KEEP_TEMP_DROP". By default, BULLDB is enabled. If you take a look at /your/bulldb/dir/bulldb.db, does anyone else see some odd things in there (looking at it with 'strings')? I see lots of master.passwd fragments, including encrypted passwords. Granted, the file is readable only by root, but it seems odd that that info should be in there and it makes me a bit nervous. Ideas? I'm working on getting cucipop to build with the db 2.x support, but in the meantime we're sticking with qpopper... Thanks, Charles Charles Sprickman spork@super-g.com ---- On Fri, 10 Jul 1998, Joao Paulo Caldas Campello wrote: > Hi all, > > The last days i've seen some messages about an exploitable bug in > popper, but I couldn't locate the original message, certainly `cause I was > not yet subscribed in the list... If some good soul could send me any > information about this bug - how may i test if it's exploitable in my > FreeBSD system (2.2.6-RELEASE), and how may i fix that - i would be very > pleased. > > thanks, > > J. Paulo > Director of Internet Dept. > Neo Planos High School > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.00.9807110002560.12602-100000>