From owner-freebsd-current  Sat Jun 27 16:40:21 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA17996
          for freebsd-current-outgoing; Sat, 27 Jun 1998 16:40:21 -0700 (PDT)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from freebie.lemis.com (freebie.lemis.com [139.130.136.133])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA17989;
          Sat, 27 Jun 1998 16:40:16 -0700 (PDT)
          (envelope-from grog@freebie.lemis.com)
Received: (from grog@localhost)
	by freebie.lemis.com (8.9.0/8.9.0) id JAA24944;
	Sun, 28 Jun 1998 09:10:11 +0930 (CST)
Message-ID: <19980628091010.O23035@freebie.lemis.com>
Date: Sun, 28 Jun 1998 09:10:10 +0930
From: Greg Lehey <grog@lemis.com>
To: Jason Godsey <godsey@godsey.net>, isp@FreeBSD.ORG
Cc: current@FreeBSD.ORG
Subject: qpopper compromise (was: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT (fwd))
References: <Pine.BSF.3.96.980627051733.18856A-100000@shaw.fidalgo.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <Pine.BSF.3.96.980627051733.18856A-100000@shaw.fidalgo.net>; from Jason Godsey on Sat, Jun 27, 1998 at 05:17:48AM -0700
WWW-Home-Page: http://www.lemis.com/~grog
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-41-739-7062
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Saturday, 27 June 1998 at  5:17:48 -0700, Jason Godsey wrote:
> --
> Jason Godsey - godsey@godsey.net - http://www.godsey.net/
> 
> ---------- Forwarded message ----------
> Date: Sat, 27 Jun 1998 00:58:24 -0400
> From: Seth McGann <smm@WPI.EDU>
> To: BUGTRAQ@NETSPACE.ORG
> Subject: !!! FLASH TRAFFIC !!! QPOPPER REMOTE ROOT EXPLOIT

I nearly deleted this one because it looked like spam...

> Its come to my attention that systems around the internet are being
> exploited using a new remote overflow in Qualcomm's Popper server.  Well,
> lets clear a few things up:
> 
> 1.  The working exploit was stolen from my development account,
> subsequently MANY sites were cracked in short order.  Much of Efnet was
> compromised as power crazed script kiddies gained root access on IRCOP
> boxes, giving themselves O-lines.

A fix has been committed to the port.  Download it and rebuild the
port if you're interested.

Greg
-- 
See complete headers for address and phone numbers
finger grog@lemis.com for PGP public key

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message