From owner-freebsd-security Tue May 30 2: 8:18 2000 Delivered-To: freebsd-security@freebsd.org Received: from nsm.htp.org (nsm.htp.org [202.241.243.104]) by hub.freebsd.org (Postfix) with SMTP id 93BC837B57B for ; Tue, 30 May 2000 02:08:10 -0700 (PDT) (envelope-from sen_ml@eccosys.com) Received: (qmail 26210 invoked from network); 30 May 2000 09:03:52 -0000 Received: from localhost (127.0.0.1) by localhost with SMTP; 30 May 2000 09:03:52 -0000 To: freebsd-security@FreeBSD.ORG Subject: Re: QPOPPER: Remote gid mail exploit From: sen_ml@eccosys.com In-Reply-To: References: <20000530165232H.1001@eccosys.com> X-Mailer: Mew version 1.94.1 on Emacs 20.6 / Mule 4.0 (HANANOEN) X-No-Archive: Yes Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20000530180805Y.1001@eccosys.com> Date: Tue, 30 May 2000 18:08:05 +0900 X-Dispatcher: imput version 20000228(IM140) Lines: 20 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: Kris Kennaway Subject: Re: QPOPPER: Remote gid mail exploit Date: Tue, 30 May 2000 01:51:50 -0700 (PDT) Message-ID: > On Tue, 30 May 2000 sen_ml@eccosys.com wrote: > > > i'm a bit confused here -- does this mean the current port is still > > vulnerable or that the port available at the time of the exploit > > announcement happened to be hard to exploit? > > The latter. It was fixed on FreeBSD on 2000/05/25 - an advisory is > forthcoming. aha. thanks for the clarification. p.s. i started to wonder about whether there were any decent alternative pop daemons. anyone have any suggestions? i'd have switched to the pop daemon that comes w/ qmail but i don't want to convert to Maildir just yet. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message