From owner-freebsd-questions  Mon Jul 20 16:26:27 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA14013
          for freebsd-questions-outgoing; Mon, 20 Jul 1998 16:26:27 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from freebie.lemis.com (freebie.lemis.com [139.130.136.133] (may be forged))
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA13981
          for <freebsd-questions@freebsd.org>; Mon, 20 Jul 1998 16:26:20 -0700 (PDT)
          (envelope-from grog@freebie.lemis.com)
Received: (from grog@localhost)
	by freebie.lemis.com (8.9.1/8.9.0) id IAA01591;
	Tue, 21 Jul 1998 08:55:49 +0930 (CST)
Message-ID: <19980721085549.R12064@freebie.lemis.com>
Date: Tue, 21 Jul 1998 08:55:49 +0930
From: Greg Lehey <grog@lemis.com>
To: Val <val@hcol.net>, freebsd-questions@FreeBSD.ORG
Subject: Re: Off topic - popper security
References: <Pine.BSF.3.96.980720155107.28050A-100000@ns.hcol.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <Pine.BSF.3.96.980720155107.28050A-100000@ns.hcol.net>; from Val on Mon, Jul 20, 1998 at 04:29:40PM -0500
WWW-Home-Page: http://www.lemis.com/~grog
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-41-739-7062
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Monday, 20 July 1998 at 16:29:40 -0500, Val wrote:
> This message probably doesn't belong to this list, but since i run freebsd
> and complided popper as part of it, it would be interesting what you
> think.  Today i got a call from a concerned individual who is alleging
> that trough the /usr/local/libexec/popper one can get into the system.
>
> Indicator is the syslog entry like this:
>
> Jul 20 11:23:33 ns popper[23620]: @ip250.white-plains3.ny.pub-ip.psi.net:
> -ERR POP EOF received
> ns popper[23623]: @ip250.white-plains3.ny.pub-ip.psi.net: -ERR Unknown
> command: "^P^P^P^P^P^P^P^P^P^P...many times ^P^P^P^P^P^P^P"
>
> Did anyone hear about this problem?  What is the usual way for resolving
> these other than learning C and looking in the source code?

Yes, this is a known problem, and yes, it looks as if somebody might
be trying to exploit it.  Download and build the latest version of the
port from ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/mail.

Greg
--
See complete headers for address and phone numbers
finger grog@lemis.com for PGP public key

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message