From owner-freebsd-security Sat Jun 27 17:23:58 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
	by hub.freebsd.org (8.8.8/8.8.8) id RAA22393
	for freebsd-security-outgoing; Sat, 27 Jun 1998 17:23:58 -0700 (PDT)
	(envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from alecto.physics.uiuc.edu (alecto.physics.uiuc.edu [130.126.8.20])
	by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA22388
	for ; Sat, 27 Jun 1998 17:23:56 -0700 (PDT)
	(envelope-from igor@alecto.physics.uiuc.edu)
Received: (from igor@localhost)
	by alecto.physics.uiuc.edu (8.9.0/8.9.0) id TAA04462;
	Sat, 27 Jun 1998 19:23:54 -0500 (CDT)
From: Igor Roshchin
Message-Id: <199806280023.TAA04462@alecto.physics.uiuc.edu>
Subject: Re: (FWD) QPOPPER REMOTE ROOT EXPLOIT
In-Reply-To: <6133.898984165@time.cdrom.com> from "Jordan K. Hubbard" at "Jun 27, 1998 2:49:25 pm"
To: jkh@time.cdrom.com (Jordan K. Hubbard)
Date: Sat, 27 Jun 1998 19:23:54 -0500 (CDT)
Cc: freebsd-security@FreeBSD.ORG, igor@alecto.physics.uiuc.edu (Igor Roshchin)
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > There seems to be yet another similar buffer overflow
> > in pop_log.c
>
> Fixed. Please cvsup the latest ports collection and make sure
> that ports/mail/popper is updated - all the new patches are in
> ports/mail/popper/patches/patch-ag.
>
> - Jordan
>

Jordan,

I've just downloaded the "popper" directory from
ftp://ftp.freebsd.org/.25/FreeBSD/FreeBSD-current/ports/mail

It is still missing the patch for the "UIDL" problem (pop_dropcopy.c).
Several people had a suggestion looking like:

	if (strlen(cp) >= 128) cp[127] = 0;

before line 497 as it appears in that file after patch-ad is applied
(originally, I believe, before 459).

Maybe I am missing something, but I don't think that patch-ad,
which is so far the only patch related to pop_dropcopy.c,
addressed this problem.

Regards,

IgoR

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
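As an added illustration, not code from this thread or from qpopper itself, here is the guard Igor quotes applied in front of a copy into a fixed 128-byte buffer, next to a bounded copy that reaches the same result without modifying the source. The buffer size and the function names are assumptions for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Size of the fixed-length buffer the UIDL is copied into. The 128 mirrors the
 * limit in the suggested one-liner; the buffer layout itself is an assumption. */
#define UIDL_BUFSZ 128

/* The guard proposed in the message: clamp the source string in place so that
 * it is never longer than 127 characters plus the terminator. Mutates 'cp', as
 * the quoted one-liner does. Returns the length after clamping. */
size_t clamp_uidl(char *cp)
{
    if (strlen(cp) >= UIDL_BUFSZ)
        cp[UIDL_BUFSZ - 1] = '\0';
    return strlen(cp);
}

/* Clamp, then copy into the fixed buffer. strcpy is safe here only because the
 * clamp above guarantees the source fits; the check is kept as a belt-and-braces
 * guard against a caller that skips the clamp. Returns 0 on success. */
int store_uidl(char dst[UIDL_BUFSZ], char *cp)
{
    if (clamp_uidl(cp) >= UIDL_BUFSZ)
        return -1;
    strcpy(dst, cp);
    return 0;
}

/* Alternative: bound the copy itself so the source is left untouched. snprintf
 * always NUL-terminates and never writes past dst. Returns the stored length. */
size_t store_uidl_bounded(char dst[UIDL_BUFSZ], const char *cp)
{
    snprintf(dst, UIDL_BUFSZ, "%s", cp);
    return strlen(dst);
}

/* Constructed sample: a 200-character UIDL-like token, far longer than 128.
 * Both approaches leave exactly 127 characters in the destination. */
size_t demo_overlong(int bounded)
{
    char src[201];
    char dst[UIDL_BUFSZ];
    memset(src, 'A', 200);
    src[200] = '\0';
    if (bounded)
        return store_uidl_bounded(dst, src);
    store_uidl(dst, src);
    return strlen(dst);
}

int main(void)
{
    printf("clamped: %zu, bounded: %zu\n", demo_overlong(0), demo_overlong(1));
    return 0;
}
```

Both variants store 127 characters from the 200-character input; the bounded copy is the one to prefer when the source string is still needed unmodified afterwards.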