From owner-freebsd-security  Sat Jun 27 17:53:12 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA26700
          for freebsd-security-outgoing; Sat, 27 Jun 1998 17:53:12 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA26681
          for <freebsd-security@FreeBSD.ORG>; Sat, 27 Jun 1998 17:53:07 -0700 (PDT)
          (envelope-from jkh@time.cdrom.com)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1])
	by time.cdrom.com (8.8.8/8.8.8) with ESMTP id RAA06846;
	Sat, 27 Jun 1998 17:53:43 -0700 (PDT)
	(envelope-from jkh@time.cdrom.com)
To: Igor Roshchin <igor@physics.uiuc.edu>
cc: freebsd-security@FreeBSD.ORG, igor@alecto.physics.uiuc.edu (Igor Roshchin)
Subject: Re: (FWD) QPOPPER REMOTE ROOT EXPLOIT 
In-reply-to: Your message of "Sat, 27 Jun 1998 19:23:54 CDT."
             <199806280023.TAA04462@alecto.physics.uiuc.edu> 
Date: Sat, 27 Jun 1998 17:53:43 -0700
Message-ID: <6842.898995223@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I've just downloaded "popper" directory from 
> ftp://ftp.freebsd.org/.25/FreeBSD/FreeBSD-current/ports/mail
> It is still missing patch for the "UIDL" problem
> (pop_dropcopy.c)

Yes, well, I didn't try to fix that one is why. :)

I think maybe I'll wait for Peter to come back with his changes
since he claims to have fixed a whole _slew_ of potential overflows
whereas I've just gone at the problem one overflow at a time.

- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message