From owner-freebsd-security Sat Dec 26 01:36:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA15725 for freebsd-security-outgoing; Sat, 26 Dec 1998 01:36:51 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ol.kyrnet.kg (ol.kyrnet.kg [195.254.160.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA15719 for ; Sat, 26 Dec 1998 01:36:45 -0800 (PST) (envelope-from mlists@gizmo.kyrnet.kg) Received: from gizmo.kyrnet.kg (IDENT:mlists@gizmo.kyrnet.kg [195.254.160.13]) by ol.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id OAA10276; Sat, 26 Dec 1998 14:04:56 +0600 Received: from localhost (mlists@localhost) by gizmo.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id OAA27149; Sat, 26 Dec 1998 14:34:44 +0500 Date: Sat, 26 Dec 1998 14:34:42 +0500 (KGT) From: CyberPsychotic Reply-To: fygrave@tigerteam.net To: Gustavo Vieira G C Rios cc: FreeBSD Security Subject: Re: qpopper In-Reply-To: <3681B710.66AFAD48@netshell.vicosa.com.br> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ~ Hi, i am a security paranoid, so i would like to know how secure is ~ qpopper (which is the best: qpopper or cucipop)? ~ How can i use xinetd and qpopper together? several vulneriabilities were found in qpoper implementations: the first, and the most evil one, is a buffer overflow, so consider an upgrade, if you want to use it. another, one, which existed in older ones, allowed an intruder to brute-force passwords without being noticed (and even disconnected in some cases). as for cucipop, I never used it so have no ideas. On most of my Unix systems I use pop3 daemon, which was originally developed for Linux under GNU, but could be ported to BSD easily. (basically path fixes). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message