Date:      Mon, 20 Jul 1998 10:00:29 +1000 (EST)
From:      Nicholas Charles Brawn <ncb05@uow.edu.au>
To:        Brett Glass <brett@lariat.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: Why is there no info on the QPOPPER hack?
Message-ID:  <Pine.SOL.3.96.980720094756.27930A-100000@wumpus.its.uow.edu.au>
In-Reply-To: <199807191709.LAA28734@lariat.lariat.org>

On Sun, 19 Jul 1998, Brett Glass wrote:

> Our system has been penetrated via a buffer overflow exploit in Qualcomm's
> QPOPPER, as obtained from the FreeBSD ports library. But there's no
> advisory about this on FreeBSD's site.... In fact, we learned of the
> exploit only because the cracker was sloppy.
> 
> We need advice on resecuring the system and preventing future incidents of
> this kind. CERT has been utterly unresponsive; they seem to have ignored
> our two e-mails asking for help. Any help we can get from members of the
> FreeBSD community would be MUCH appreciated.

CERT typically ignores requests for help unless you are a very large
company. Small ISPs and businesses connected to the internet are unlikely
to receive personal assistance.

However, CERT has put out an advisory on the qpopper vulnerability:
ftp.cert.org:/pub/cert_advisories/CA-98.08.qpopper_vul

From the vendor information page:
"Versions of QUALCOMM qpopper prior to 2.5 are vulnerable. QUALCOMM
recommends upgrading to the most recent version..."

CERT also has a paper on recovering from incidents which is accessible
from their web page and ftp site.

And finally, two other sites you should keep an eye on:
http://www.freebsd.org/security/security.html (FreeBSD Security Guide)
http://www.watson.org/fbsd-hardening/ (FreeBSD Hardening Project)

> 
> --Brett Glass

Good luck,

Nick :)

--
Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick 
Key fingerprint =  DE 30 33 D3 16 91 C8 8D  A7 F8 70 03 B7 77 1A 2A
"When in doubt, ask someone wiser than yourself..." -unknown


