Date: Wed, 09 Sep 1998 00:55:11 +1000 From: Jim Mock <jim@phrantic.phear.net> To: "mtts" <adm@gus.orgus.ru> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: trouble Message-ID: <199809081453.HAA13488@phear.net> In-Reply-To: <199809081001.QAA04193@gus.orgus.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
At , you wrote: >Hi! >Some not very friendly people told us that our EMAIL-servser has a hole in >securety. >It powered by FreeBSD2.2.1 and has sendmail provided by OS and POP3 from the >package. Everything was installed from a CD-ROM sold by Walnut Creek CDROM( >dated April 1997). >Can You tell us what kind of problems may be with it and how to solve them. >If You are able, could You test our E-mail server. The name is email.orgus.ru. >Thanks > Update qpopper. I just telneted to your pop port on the machine in question and here's what I got.. [jim@phear:~]$ telnet email.orgus.ru 110 Trying 195.16.115.189... Connected to gus.orgus.ru. Escape character is '^]'. +OK QPOP (version 2.2) at gus.orgus.ru starting. <4829.905265927@gus.orgus.ru> ^] telnet> close Connection closed. The version of qpopper you're running is exploitable to a root shell. You'll want to update it as soon as possible. The latest version is in the ports collection.. cd /usr/ports/mail make popper cd popper make install that'll update you to 2.53 which is fixed and is the latest version (as far as I know). You can also download the source and find more info at http://www.eudora.com/freeware/qpop.html Btw.. updating sendmail to the latest version probably wouldn't hurt either. Hope this helps. Jim +------------------------------------------+ Jim Mock | Phear.Net | KidzHaven email: jim@phrantic.phear.net web: http://www.phear.net/ web: http://www.kidzhaven.com/ +------------------------------------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809081453.HAA13488>