From owner-freebsd-questions Tue Jun 30 00:27:33 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA21348 for freebsd-questions-outgoing; Tue, 30 Jun 1998 00:27:33 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from awfulhak.org (awfulhak.force9.co.uk [195.166.136.63]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA21295; Tue, 30 Jun 1998 00:27:09 -0700 (PDT) (envelope-from brian@Awfulhak.org) Received: from gate.lan.awfulhak.org (brian@localhost [127.0.0.1]) by awfulhak.org (8.8.8/8.8.8) with ESMTP id IAA10685; Tue, 30 Jun 1998 08:11:54 +0100 (BST) (envelope-from brian@gate.lan.awfulhak.org) Message-Id: <199806300711.IAA10685@awfulhak.org> X-Mailer: exmh version 2.0.1 12/23/97 To: Sasha Egan cc: brian@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: Remote exploit in qpopper. In-reply-to: Your message of "Mon, 29 Jun 1998 13:42:47 MDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 30 Jun 1998 08:11:53 +0100 From: Brian Somers Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG It's unlikely that anyone'll fix code that's not part of the base system. When I saw this stuff I skipped over it for exactly this reason (and I'm not that interested in the popper program anyway as I don't use it). Your best bet is to talk to the popper maintainer and/or the original author. > Hey Brian, > I dunno if you have been watching some of the lists but there is some > definate problems in Qualcom's popper... > There have been so many diffrent exploits found in such a short period of > time that even if I had installed a patch I would still be vulnerable. I > would very much like your advice as well as any advice from people who are > addressing the issue as to what to do to cover ALL the holes that are > known in the popper program. Is FreeBSD going to make a patch available > that will patch all the holes it they exists or am I going to have to do > this penny-anny, one patch at a time. > > Just a suggestion to all that have not heard about this problem...I would > disable the popper program until all problems have been addressed...I have > been compromised ( my system) once already and I hope to God that the > script kiddie didn't know how to edit kernel code or I am toast. > > Thanks Brian. > > Sasha Egan > Belen Consolidated Schools > Belen, NM > (505) 861-4981 > pager: (505) 875-8866 -- Brian , , Don't _EVER_ lose your sense of humour.... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message