From owner-freebsd-security  Tue Jul 21 18:43:16 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA05072
          for freebsd-security-outgoing; Tue, 21 Jul 1998 18:43:16 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from kendra.ne.mediaone.net (kendra.ne.mediaone.net [24.128.94.182])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA05067
          for <security@freebsd.org>; Tue, 21 Jul 1998 18:43:13 -0700 (PDT)
          (envelope-from ahd@kew.com)
Received: (from ahd@localhost)
	by kendra.ne.mediaone.net (8.9.0/8.9.0) id VAA00776;
	Tue, 21 Jul 1998 21:42:45 -0400 (EDT)
Date: Tue, 21 Jul 1998 21:42:45 -0400 (EDT)
From: Drew Derbyshire <ahd@kew.com>
Message-Id: <199807220142.VAA00776@kendra.ne.mediaone.net>
To: trouble@webfyre.com
Subject: Re: hacked and don't know why
Cc: security@FreeBSD.ORG
In-Reply-To: <35B4CDBD.67F9043@iwebb.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I believe the trouble has been located.  I'm running a pre-2.5 version 
of qpopper, which just had a CERT advisory put up on it for a buffer 
overflow problem.  Until I can upgrade the version, I've restricted
access to it via packet filtering.

-ahd-

--
Drew Derbyshire                 Internet:       ahd@kew.com
Kendra Electronic Wonderworks   Telephone:      781-279-9812

 Every Creature has within him the wild, uncontrollable urge to PUNT.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message