Date: Sat, 27 Jun 1998 19:51:08 -0500 (CDT) From: Igor Roshchin <igor@physics.uiuc.edu> To: freebsd-security@FreeBSD.ORG Subject: Re: (FWD) QPOPPER REMOTE ROOT EXPLOIT (fwd) Message-ID: <199806280051.TAA04771@alecto.physics.uiuc.edu>
next in thread | raw e-mail | index | archive | help
----- Forwarded message from Igor Roshchin ----- > > > THere seems to be yet another similar buffer overflow > > > in pop_log.c > > > > Fixed. Please cvsup the latest ports collection and make sure > > that ports/mail/popper is updated - all the new patches are in > > ports/mail/popper/patches/patch-ag. > > > > - Jordan > > > > Jordan, > > I've just downloaded "popper" directory from > ftp://ftp.freebsd.org/.25/FreeBSD/FreeBSD-current/ports/mail > It is still missing patch for the "UIDL" problem > (pop_dropcopy.c) > > Several people had suggestion looking like: > if (strlen(cp) >= 128) cp[127] = 0; > > before the line 497 as it appears in that file after patch-ad is applied. > (originally, I believe, before 459 ) > > May be I am missing something, but I don't think that patch-ad, which is > so far the only patch realted to pop_dropcopy.c addressed this problem > > Regards, > > IgoR > Some more on this issue: I've update popper from 2.4b2. With the patches applied, popper 2.41beta1 (on a 2.2.5-RELEASE) dumps core just on any connection. Am I missing something ? alecto: [19:25] [471] ~>telnet mailhost.somedomain.com pop3 escape character is '^Y'. Trying 209.125.17.11... Connected to mailhost.somedomain.com. Escape character is '^Y'. Connection closed by foreign host. alecto: [19:25] [472] ~>l /tmp/STRING -rw------- 1 igor group 48406 Jun 27 02:44 /tmp/STRING Jun 27 20:25:40 mailhost /kernel: pid 13587 (popper), uid 0: exited on signal 11 (core dumped) IgoR ----- End of forwarded message from Igor Roshchin ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806280051.TAA04771>