Date: Mon, 28 Jun 1999 09:24:58 -0600 (MDT) From: Paul Hart <hart@iserver.com> To: Dag-Erling Smorgrav <des@flood.ping.uio.no> Cc: Keith Anderson <keith@apcs.com.au>, security@FreeBSD.ORG Subject: Re: Whats going on please Message-ID: <Pine.BSF.3.96.990628091852.14857B-100000@anchovy.orem.iserver.com> In-Reply-To: <xzp6748im6j.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 28 Jun 1999, Dag-Erling Smorgrav wrote: > > Jun 27 17:06:59 work popper[1550]: @compl-r4.iscs.nus.sg: -ERR POP EOF received > > Jun 27 17:07:00 work popper[1552]: @compl-r4.iscs.nus.sg: -ERR POP EOF received > > Jun 27 17:07:03 work popper[1553]: @compl-r4.iscs.nus.sg: -ERR POP EOF received > > He tried to exploit your POP server. Doesn't seem like he succeeded, > but I can't tell for sure. That's not necessarily an exploit attempt; the message only means that the socket connection to popper was closed before the daemon expected it to close. This is also a symptom of a TCP port scan. I think that the original poster mentioned that he is running Qualcomm popper 2.53 which should be fixed with regards to the overflow in pop_msg() from last year (which is probably the hole everyone is thinking of), but that doesn't mean that other undiscovered holes aren't lurking in the code. Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990628091852.14857B-100000>