From owner-freebsd-security Thu May 25 0: 4:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from nsm.htp.org (nsm.htp.org [202.241.243.104])
    by hub.freebsd.org (Postfix) with SMTP id A389137B9D9
    for ; Thu, 25 May 2000 00:04:16 -0700 (PDT)
    (envelope-from sen_ml@eccosys.com)
Received: (qmail 7265 invoked from network); 25 May 2000 07:00:14 -0000
Received: from localhost (127.0.0.1)
    by localhost with SMTP; 25 May 2000 07:00:14 -0000
To: freebsd-security@freebsd.org
Subject: Re: QPOPPER: Remote gid mail exploit
From: sen_ml@eccosys.com
In-Reply-To:
References:
X-Mailer: Mew version 1.94.1 on Emacs 20.6 / Mule 4.0 (HANANOEN)
X-No-Archive: Yes
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20000525160410I.1001@eccosys.com>
Date: Thu, 25 May 2000 16:04:10 +0900
X-Dispatcher: imput version 20000228(IM140)
Lines: 14
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

From: Jeremy Shaffner
Subject: QPOPPER: Remote gid mail exploit
Date: Wed, 24 May 2000 16:40:00 -0500 (CDT)
Message-ID:

> [Patch is at the end]
>
> Here is the original advisory. Note that the actual advisory is
> correct WRT the file and line numbers. The posts on Bugtraq indicate to
> patch pop_msg.c instead of pop_uidl.c.

while patching and restarting a qpopper server locally, i started
wondering...how much of a problem is this on a freebsd system where
/var/mail or /var/spool/mail is not setgid mail?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message