From owner-freebsd-questions Mon Jul 20 17:03:03 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA23666 for freebsd-questions-outgoing; Mon, 20 Jul 1998 17:03:03 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA23629 for ; Mon, 20 Jul 1998 17:02:56 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu) Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.8.5/8.8.8) with SMTP id RAA23730; Mon, 20 Jul 1998 17:02:37 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu) Date: Mon, 20 Jul 1998 17:02:36 -0700 (PDT) From: Doug White To: Val cc: freebsd-questions@FreeBSD.ORG Subject: Re: Off topic - popper security In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, 20 Jul 1998, Val wrote: > This message probably doesn't belong to this list, but since i run freebsd > and complided popper as part of it, it would be interesting what you > think. Today i got a call from a concerned individual who is alleging > that trough the /usr/local/libexec/popper one can get into the system. That is correct. There are known exploits in popper. I suggest upgrading to the latest version and/or switching to a different POP server. Qualcomm has issued fixed versions. Doug White | University of Oregon Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant http://gladstone.uoregon.edu/~dwhite | Computer Science Major To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message